Re: A funny (but real) story for XMAS

[madsaxon <madsaxon () direcway com>]

At 09:38 AM 12/16/2003 -0500, Jeffrey.Stebelton () bisys com wrote:
> What
> exactly is supposed to "suck" about the site, I wonder??

I don't know that anyone believes the site itself "sucks."
There are those who have an objection to the fact that
CERT is taxpayer-funded, yet charges a fee for its 'premium'
services; i.e., for earliest notification.  For those of us
who don't pay that fee, CERT advisories most often come along
far too late to do any good. Add to that numerous charges of
conflict of interest and less than sterling competence,
and you can see that CERT is perhaps not the resource they
would like you to believe.

Here's Jericho's rant outlining some of the issues:

http://www.attrition.org/security/rant/z/jericho.007.html

There are myriad others available with a little Googling.

The reason OSVDB isn't well populated yet is that each
vulnerability has to be evaluated and written up afresh
in order to avoid violating any existing DB's copyrights.
That takes time.  If you want to shorten that time, go
volunteer. :-)

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html