Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: Information on MS99-022

From: weld () L0PHT COM (Weld Pond)
Date: Mon, 5 Jul 1999 08:14:47 -0500

On Sun, 4 Jul 1999, Renaud Deraison wrote:


And I'm writing a free security auditing tool, and I won't be able to
implement a security check for this, because I'm not a "vendor" ?
(apparently only software vendors are welcomed to the ICSA's IDC --
 they did not reply to my request of being admitted in this consortium
 [so that I could get information about this flaw])


I have an idea. To counter this information witholding problem, non-vendor
individuals who find security problems should have mailing lists that only
non-vendor individuals are on.  Yeah, sure the information will eventually
leak out but it will take much longer for the problems to be fixed by the
vendors. Of course Microsoft and members of their selected consortia would
be forbidden to join the list.

Does this seem like a good idea? Well personally I think it is crazy but
it is exactly what Microsoft is asking individual security contributers
and practitioners to accept, albeit shoe on other foot.

-weld
Previous By Date Next
Previous By Thread Next

Current thread: