Bugtraq mailing list archives

Re: ISS Apache Advisory Response


From: <dminor () houston rr com>
Date: 22 Jun 2002 06:56:36 -0000




I've read through just about every single post regarding ISS and the Apache
bug, their advisory release, their defense, and the response of others throughout
the community regarding this issue.

I am not embarrassed to say that I do not agree with ISS's defense.  From an
ethical standpoint, I would interpret their handling of the release to be wrong
and a direct contradiction to some of the basic principles and standards under
which IT professionals conduct themselves.  This incident had a negative impact
on many people (including the Apache development team) along with those of us
who are responsible for Apache systems.  In the five years I've been working
with Linux, I don't recall another incident being handled so poorly.

There are a lot of talented people working with open-source including the
end-users who use these products and I find it rather "dark" to single them
out by saying, "virtual organizations [??] do not have an ability to enforce
strict confidentiality."  There is little to be gained by such a statement.

-- Patrick
"Opinions expressed are only mine."

