Full Disclosure mailing list archives

Re: Vulnerability Disclosure Debate


From: "gregh" <chows () ozemail com au>
Date: Fri, 8 Aug 2003 07:41:38 +1000


----- Original Message ----- 
From: gridrun 
To: full-disclosure () lists netsys com 
Sent: Friday, August 08, 2003 2:53 AM
Subject: [Full-disclosure] Vulnerability Disclosure Debate


Vulnerability Disclosure Debate
by gridrun on 8/07/03

The security alliance around Microsoft is trying to push its "reasonable 
vulnerability disclosure guidelines", which seeks to prevent security 
researchers from publishing proof-of-concept code altogether, and wants 
them to make only limited, next to useless, information about security 
flaws available to the public.
In my humble, personal opinion, this step seeks to maximize income of 
several large security firms, as they would release any detailed 
information only to paying groups of subscribers... An inherently 
dangerous plan, and the argumentation behind it is severely flawed.

I would like to point out one plain and simple thing that, to this day, stuffs up the best - and worst - drawn up plans 
of the Federal Govt here in Oz so will ultimately do the same to MS for their efforts. The law!

Example: Parents with kids who don't want to sit in front of the computer watching what their kids are doing lobbied 
hard and succeeded in getting the Fed Govt here to draw up and pass laws to "limit Internet" which, of course, don't 
work. In one particular law, they decided that even soft porn (topless females etc) were not allowed to be shown on 
Internet sites in Oz and one particular guy made a living out of selling such stuff online. Leave out the fact that a 
kid can go into a newsagent and see a lot more of course. Anyway, the day prior to the law coming into effect which 
would have killed his business, he moved the entire web site to another country and used the same web site address not 
missing a beat in the process and though he still sells soft porn online to this day in Oz, as it is hosted in another 
country, it is effectively outside the laws of Oz.

So, if MS really DO get this shit passed, all we have to do is remember this stuff and move the list and its web site 
and whatever else you think is necessary off to another country where laws are different. Effectively you wouldn't be 
"publishing" in the country that didn't want this happening but publishing nonetheless.

-----------------------------------------------------------------------------
| < Friar Tuck was a Spoonerism victim at the hands of the Merry Men!!> |
-----------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

