Bugtraq mailing list archives
Re: ISS Advisory clarification
From: Michael Stone <mstone () cs loyola edu>
Date: Fri, 21 Jun 2002 19:07:38 -0400
On Fri, Jun 21, 2002 at 04:15:53PM -0400, Klaus, Chris (ISSAtlanta) wrote:
1) We did notify Apache before going public. ISS X-Force emailed Apache in the morning at 9:44am regarding this Advisory. We waited until the afternoon before sending to Bugtraq for approval and finally reaching
[snip]
We are currently working with another major vulnerability dealing with an open-source vendor whereby we both are coordinating and cooperating and shrinking the 30 day quiet period significantly
Well, I can't argue that a couple of hours isn't significantly shorter than 30 days. I do think it's still somewhat unclear why this second "open-source vendor" gets the courtesy of coordination and cooperation, but the apache group got effectively blindsided. If anything, your second "clarification" seems to contradict your first "response" that the apache project couldn't be trusted with coordination, "due to the general nature of open-source." This seems more like 'obfuscation' and 'covering' than 'clarification'. -- Mike Stone
Current thread:
- ISS Advisory clarification Klaus, Chris (ISSAtlanta) (Jun 21)
- Re: ISS Advisory clarification Michael Stone (Jun 21)
- <Possible follow-ups>
- Re: ISS Advisory clarification security curmudgeon (Jun 21)