Firewall Wizards mailing list archives
Re: recent disclosure debates
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 15 Dec 2002 21:42:24 -0500 (EST)
This part of Mark Sala's post caught my eye though, and reading through the slashdot archive is interesting also: http://developers.slashdot.org/comments.pl?sid=44855&threshold=-1&commentsort=0&tid=172&mode=thread&cid=4653012 Re:Did ISS tell bind maintainers? by Florian Weimer (fw () deneb enyo de) on Tuesday November 12, @06:43PM (#4655265) (User #88405 Info | http://www.enyo.de/fw/) Does anyone know if ISS did the right thing, or are they being big doo-doo-heads? In this case, ISS did not rush ahead. This was a coordinated release. Of course, something went horribly wrong, but I don't think ISS is to blame for it (maybe they could have warned ISC that their approach wouldn't work out, though). Thanks, Ron DuFresne On Sun, 15 Dec 2002, Barney Wolff wrote:
On Sun, Dec 15, 2002 at 09:14:53PM -0500, R. DuFresne wrote:This posting was pretty enlightening on the issue:Well, no, it wasn't. Despite all the verbiage, the fact remains that ISS released the vulnerability before patches were available to many or most of the people who needed them. If ISC actually refused to release the patches until after the notice, one would think ISS would have said that, but they didn't. So I'm forced to conclude that they released the notice on the scheduled day without checking that ISC had actually released the patches. Both parties look very bad, but ISS is the one more immediately at fault for the premature release, imho.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Barney Wolff (Dec 15)
- Re: recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Barney Wolff (Dec 15)
- Re: recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Adam Shostack (Dec 16)
- Re: recent disclosure debates Paul Robertson (Dec 16)
- Re: recent disclosure debates Adam Shostack (Dec 16)
- Re: recent disclosure debates Paul D. Robertson (Dec 16)
- Re: recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Barney Wolff (Dec 15)
- Re: recent disclosure debates Paul D. Robertson (Dec 15)
- <Possible follow-ups>
- Re: recent disclosure debates ISC Tattler (Dec 17)
- Re: recent disclosure debates Marcus J. Ranum (Dec 17)
- RE: recent disclosure debates Reckhard, Tobias (Dec 17)