Full Disclosure mailing list archives
Re: public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)
From: Georgi Guninski <guninski () guninski com>
Date: Thu, 05 Jun 2003 12:43:17 +0300
In short the draft is shit. Especially 2.3 - Timeline.The IETF did not approve a previous version of this shit - my previous rants on it are available at http://www.guninski.com/rfcsec.html In a real world scenario, if ones suffers from fucked up beer, one sues the beer maker and goes to the news. This draft makes one wait when a proof that the warez are fucked up is found. The good news in this draft is that warez vendors from oisafety realize they are lost and helpless in the vulnerability war and actually have lost it technologically. Who the oisafety.org think they are to tell me what to do with my intellectual property? From the members list of oisafety they are just bunch of companies whose goal is to maximize profit.
IMHO http://lists.netsys.com/pipermail/full-disclosure/2002-August/000822.html is much better to follow.
Once again, the draft is shit. -- Georgi "You can't quench the unquenchable." - Ivan Vazov Craig Ozancin wrote:
The Organization for Internet Safety is pleased to announce the beginning of the public comment period for the Draft Security Vulnerability Reporting and Responding Process. This draft process is the result of a lengthy collaboration between leading security researchers and software vendors. We have worked hard to develop a process that addresses the needs of both security researchers and software vendors, and provides a framework for achieving our shared objective of improving security for computer users, the Internet, and the critical infrastructures that depend on it. We welcome your comments on the draft. Please read the draft and find instructions on submitting comments at http://www.oisafety.org/. The period for comments will close on 7 July, 2003. The final process document will be released at the Black Hat Briefings (www.blackhat.com) in Las Vegas from 28-30 July, 2003. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY) Craig Ozancin (Jun 04)
- Re: public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY) Cesar (Jun 04)
- Re: public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY) Georgi Guninski (Jun 05)
- Re: public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY) Georgi Guninski (Jun 07)
- Re: public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY) Georgi Guninski (Jun 11)
- <Possible follow-ups>
- Re: public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY) dhtml (Jun 05)