Bugtraq mailing list archives
Re: Submission
From: Rune Kristian Viken <arcade () KVINESDAL COM>
Date: Wed, 29 Nov 2000 13:36:46 +0100
Response to: Vendor Response and Reporting Vulnerabilities. Written by: HellNbak (hellNbak () hushmail com)
At risk of starting the age-old "Full Disclosure" debate again, I felt that I had to write this. It seems lately that the so-called security industry has lost its backbone. To quote a director of a popular security portal: "The whole thing is just sickening, I am waiting for someone to say something about it". Well, here is your someone.
Strange. I started out, reading this, positive and agreeing. The security industry *has* lost its backbone. It's looking more and more like CERT for every day that goes by - and it makes me sick.
B.) There is nothing forcing Georgi or anyone for that matter to follow RFPolicy, but the policy is a good idea and is very sound, so why not follow it?
What if you disagree with parts of it? Personally I think RFP is far too cooperative, and far too CERT-alike these days.
I know a lot of you are probably thinking that this rant is pointed directly at Georgi and I guess it is as he is probably the largest offender. Georgi, take this message for what it is worth, you are no longer doing the security industry a service, you are letting people know that AOL/Netscape and their big pockets can take a once respected person and obviously very intelligent security professional and use them to do their bidding.
Facts:
1. He discovered a flaw.
2. He published a flaw openly.

Arguments: Publishing flaws in security programs gets them fixed. Fixing security flaws is positive.

As far as I can see, what he has done is to get a security flaw fixed. That is a service. Period. Claiming he is not doing us a favor is ridiculous. Trying to force -one policy- upon all security folks is ridiculous. If all flaws are to be handled in One Right Way, I for sure know a lot of folks that won't care to get things fixed, if they discover flaws.

--
"Rune Kristian Viken" <arcade () kvinesdal com>