Symantec Buys SecurityFocus, among others....

[full-disclosure () lists netsys com (Christopher Meiklejohn)]

--Apple-Mail-4--588032940
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
        charset=US-ASCII;
        format=flowed


Second, I've been amazed at what big fucking morons the "esteemed
hackers" in the community are.  Especially Chris and Jay.  Wow!  I
thought you guys were really intelligent, and to some extent, had a
moderate amount of respect for you two.  The only thing I've seen from
any of you at this point is hidden agenda.  You guys are truely
disgusting.  You guys set the bar for low.  Proof that nothing is ever
what it seems.

For wanting a public vulnerability database?  This is what the security
community is currently missing in a public and open format. There are 
open
source NIDS, vuln scanners, and other security tools. There are public
security mailing lists. There is a public vuln dictionary, CVE.  But 
there
is no public vuln database.  Why is everything else good to have
non-commercial alternatives for except a vuln database?  The open source
tools could tie into it.

I think that a public vuln database would be incredibly useful.  I find 
that when security
advisories are released, trying to search through all of the security 
companies websites
for more information on how it is being exploited, and also how it is 
going to affect my
systems, rather... tedious.

I also think that tying them to the open source tools, or leaving it 
open so that they could be,
would also be a great idea.  Having to find up-to-date signatures for 
all of the security software,
is another task that could be easily automated with something like that.

I know that their are other reasons being discussed on this list about 
the idea of the public vuln database, but, I just thought that I would 
throw out my $0.02.

--Chris

Christopher Meiklejohn
cmeik () gawble net

--Apple-Mail-4--588032940
Content-Transfer-Encoding: 7bit
Content-Type: text/enriched;
        charset=US-ASCII


<color><param>0000,6363,1212</param>Second, I've been amazed at what
big fucking morons the "esteemed

hackers" in the community are.  Especially Chris and Jay.  Wow!  I

thought you guys were really intelligent, and to some extent, had a

moderate amount of respect for you two.  The only thing I've seen from

any of you at this point is hidden agenda.  You guys are truely

disgusting.  You guys set the bar for low.  Proof that nothing is ever

what it seems.

</color><color><param>0000,0000,DEDE</param>

For wanting a public vulnerability database?  This is what the security

community is currently missing in a public and open format. There are
open

source NIDS, vuln scanners, and other security tools. There are public

security mailing lists. There is a public vuln dictionary, CVE.  But
there

is no public vuln database.  Why is everything else good to have

non-commercial alternatives for except a vuln database?  The open
source

tools could tie into it.

</color>

I think that a public vuln database would be incredibly useful.  I
find that when security

advisories are released, trying to search through all of the security
companies websites

for more information on how it is being exploited, and also how it is
going to affect my

systems, rather... tedious.


I also think that tying them to the open source tools, or leaving it
open so that they could be,

would also be a great idea.  Having to find up-to-date signatures for
all of the security software,

is another task that could be easily automated with something like
that.


I know that their are other reasons being discussed on this list about
the idea of the public vuln database, but, I just thought that I would
throw out my $0.02.


--Chris


Christopher Meiklejohn

cmeik () gawble net


--Apple-Mail-4--588032940--