Full Disclosure mailing list archives
Organization for Internet Safety (OIS) formally announced
From: ben () algroup co uk (Ben Laurie)
Date: Tue, 01 Oct 2002 12:12:02 +0100
Steven M. Christey wrote:
A FAQ is at: http://www.oisafety.org/about.html The FAQ should be of high interest to anybody who does vulnerability research.
Particularly if they are connoisseurs of bullshit: "Does OIS support pre-disclosure of vulnerability information to select groups? No. We believe the software author should be given a chance to create a fix before vulnerability information is made public, but that there should be no further distribution of that information until the fix is complete. This priniciple can be very difficult to adhere to in certain situations, such as dealing with the open source community where there aren't protections to keep vulnerability information secret." Yeah, right! Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Current thread:
- Organization for Internet Safety (OIS) formally announced Steven M. Christey (Sep 30)
- Organization for Internet Safety (OIS) formally announced Isaak Bloodlore (Sep 30)
- Organization for Internet Safety (OIS) formally announced Ben Laurie (Oct 01)
- Organization for Internet Safety (OIS) formally announced Georgi Guninski (Oct 01)
- <Possible follow-ups>
- Organization for Internet Safety (OIS) formally announced phc () hushmail com (Oct 01)
- Re: Organization for Internet Safety (OIS) formally announced Anonymous (Oct 01)
- Organization for Internet Safety (OIS) formally announced sockz loves you (Oct 01)