[Evangelism] Hack Plone! Win a Mac!

Steve McMahon steve at dcn.org
Thu Nov 26 23:23:19 UTC 2009


Not sure how I feel about the overall idea, but the exploit documentation
condition *must* be expanded to specify that the exploit be documented to
the Plone security team, and only the security team. Publicizing of
methodology for an attack must be only after a patch is made available, and
the award would be made only after those conditions are fulfilled.

The attack would need to be via Plone — not the OS or other parts of the
stack like a reverse proxy. Open registration must be off in the test install.

On Wed, Nov 25, 2009 at 10:28 PM, Nate Aune <natea at jazkarta.com> wrote:

> >
> > All exploits must be documented of course so that we can fix them.
> >
>