There is basicly no benefits to publishing source codes to exactly reproduce the vulnerability. Did anyone here actually DOWNLOADED Nimda or anything else for that matter and then ran it JUST to see whether they are vulnerable? Do you know of ANY administrators of a large network run off to download the latest or greatest virus or worm just see if it infects them?
When security alerts are published, they usually contains descriptions of the vulnerability and then state the version of software that are currently affected, isn't that enough?
Take a look at Code Red infections, people aren't even willing to patch their systems, you think somehow publishing source codes for script kiddies are going to help the situation?
When security alerts are published, they usually contains descriptions of the vulnerability and then state the version of software that are currently affected, isn't that enough?
Take a look at Code Red infections, people aren't even willing to patch their systems, you think somehow publishing source codes for script kiddies are going to help the situation?