[Evangelism] Hack Plone! Win a Mac!
steve at dcn.org
Thu Nov 26 23:23:19 UTC 2009
Not sure how I feel about the overall idea, but the exploit documentation
condition *must* be expanded to specify that the exploit be documented to
the Plone security team, and only the security team. Publicizing of
methodology for an attack must be only after a patch is made available, and
the award would be made only after those conditions are fulfilled.
The attack would need to be via Plone — not the OS or other parts of the
stack like reverse proxy. Open registration must be off in the test install.
On Wed, Nov 25, 2009 at 10:28 PM, Nate Aune <natea at jazkarta.com> wrote:
> > All exploits must be documented of course so that we can fix them.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Evangelism