Bugtraq mailing list archives
Announcement: Important
From: alan () CYMRU NET (Alan Cox)
Date: Mon, 26 May 1997 23:23:15 +0100
I've had various concerns when doing the Linux work with CERT, notably the lack of work CERT does in releasing important bug reports when vendors fail to release adequate fixes, and their lack of bug tracking for non unix systems. It is now over one year since the Sun Solaris 'rsh file descriptor bug' that allows any user to trash network configuration of a solaris box was passed to you[cert]. Nothing appears to have happened, no warning was ever issued to users. I no longer have any faith in CERT nor believe it is the right way to handle the lamentably bad state of computer security today. It muddles along like some kind of comic book 3rd world security agency trying to hide the truth - the only reason we haven't had major computer security catastrophes on the internet is because nobody has lit the fuse, not because we have security. As such I think it is inappropriate for me to continue to work with CERT as the Linux vendor contact and ask that the Linux community find another representative. Bugtraq has over 10,000 subscribers, things reported there generally get fixed and I see little evidence of increased problems through its full disclosure policy. In future I will instead be dealing with bugs I find and learn about directly through bugtraq. Alan Cox EX Linux vendor contact
Current thread:
- Announcement: Important Alan Cox (May 26)
- <Possible follow-ups>
- Re: Announcement: Important Bruce Perens (May 26)
- Re: Announcement: Important Bruce Perens (May 27)