Bugtraq mailing list archives
Re: ISS Apache Advisory Response
From: <dminor () houston rr com>
Date: 22 Jun 2002 06:56:36 -0000
I've read through just about every single post regarding ISS and the Apache bug, their advisory release, their defense, and the response of others throughout the community regarding this issue. I am not embarassed to say that I do not agree with ISS's defense. From an ethical standpoint, I would interpret their handling of the release to be wrong and a direct contradiction to some of the basic principles and standards under which IT professionals conduct themselves. This incident had a negative impact on many people (including the Apache develpment team) along with those of us who are responsible for Apache systems. In the five years, I've been working with Linux, I don't recall another incident being handled so poorly. There are a lot of talented people working with open-source including the end-users who use these products and I find it rather "dark" to single them out by saying, "virtual organizations [??] do not have an ability to enforce strict confidentiality." There is little to be gained by such a statement. -- Patrick "Opinions expressed are only mine."
Current thread:
- ISS Apache Advisory Response Klaus, Chris (ISSAtlanta) (Jun 21)
- Re: ISS Apache Advisory Response Kee Hinckley (Jun 21)
- Re: ISS Apache Advisory Response Thomas Reinke (Jun 21)
- Re: ISS Apache Advisory Response Kevin Spett (Jun 21)
- Re: ISS Apache Advisory Response Kevin Spett (Jun 22)
- Re: ISS Apache Advisory Response Mike Eldridge (Jun 21)
- Re: ISS Apache Advisory Response Security Admin (Jun 24)
- <Possible follow-ups>
- Re: ISS Apache Advisory Response dminor (Jun 22)