Full Disclosure mailing list archives

Organization for Internet Safety (OIS) formally announced

From: ben () algroup co uk (Ben Laurie)
Date: Tue, 01 Oct 2002 12:12:02 +0100

Steven M. Christey wrote:

A FAQ is at:

  http://www.oisafety.org/about.html


The FAQ should be of high interest to anybody who does vulnerability
research.


Particularly if they are connoisseurs of bullshit:

"Does OIS support pre-disclosure of vulnerability information to select 
groups?

No. We believe the software author should be given a chance to create a 
fix before vulnerability information is made public, but that there 
should be no
further distribution of that information until the fix is complete. This 
priniciple can be very difficult to adhere to in certain situations, 
such as dealing with the open source community where there aren't 
protections to keep vulnerability information secret."

Yeah, right!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Current thread:

Organization for Internet Safety (OIS) formally announced Steven M. Christey (Sep 30)
- Organization for Internet Safety (OIS) formally announced Isaak Bloodlore (Sep 30)
- Organization for Internet Safety (OIS) formally announced Ben Laurie (Oct 01)
- Organization for Internet Safety (OIS) formally announced Georgi Guninski (Oct 01)
- <Possible follow-ups>
- Organization for Internet Safety (OIS) formally announced phc () hushmail com (Oct 01)
- Re: Organization for Internet Safety (OIS) formally announced Anonymous (Oct 01)
- Organization for Internet Safety (OIS) formally announced sockz loves you (Oct 01)