Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CERT, Full Disclosure, and Security By Obscurity

From: Georgi Guninski <guninski () guninski com>
Date: Fri, 31 Jan 2003 18:20:51 +0200
KF wrote:

Blue Boar wrote:


Georgi Guninski wrote:
Recently when I notified some vendors about a vulnerability, I wrote something like a license agreement that the info should not be disclosed to m$, cert, mitre, sf and others. 



What have you got against Mitre?
I have certainly seen some of the folks at Mitre go out of their way to get things documented properly and other things of that nature quite a few times. Steven M. Christey in particular... 



Steven M. Christey proposed the responsible disclosure lame draft and signed it.
I find it quite hipocritical to propose delaying of information, and at the same time mitre to get the 0days before they are released. 

Georgi Guninski
http://www.guninski.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: