Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: recent disclosure debates

From: ISC Tattler <isc_tattler () yahoo com>
Date: Mon, 16 Dec 2002 22:08:07 -0800 (PST)
Adam Shostack wrote:


On Mon, Dec 16, 2002 at 06:30:21PM -0500, Paul

Robertson wrote:

| By ISS' admission at the time, no 3rd party exploit

code seemed to exist.

I didn't say that that happened this time, I said

that there's a

flurry of activity as you release, and people make

mistakes.

Was it a "mistake" that ISC was distributing patches
for BIND to select
parties, but labeling them "not for public
distribution"? ISC had these
patches on Nov. 12, and likely earlier, but was
unwilling to share them
with the public. Apparently the intent was to wait
until some time in
the week of Nov. 18th, but were apparently guilted
into releasing the source
patches late on November 13.

ISS may or may not have made a mistake in this
disclosure, but ISC's actions were beyond redemption.

The ISC Tattler

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: