Full Disclosure mailing list archives
Re: (no subject)
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Fri, 13 Aug 2004 11:16:47 -0400
Harlan Carvey wrote:
Agreed in general - though I'm not sure if it's an "open source" issue specifically... I've known many Free Software/Open Source people who are opposed to being held to standards bodies and "closed source" people who are absolutely sticky about adherance to standards. Both perspectives have their downsides. Nonetheless, that's a nitpicking issue -- your primary point is absolutely correct: You can't enforce it; They don't want to do it (and I'm inclined to think they probably shouldn't want to do it -- it's sort of like telling someone that they have to name their kid a certain way so that others can pronounce their name); the problem must be solved some other way.Barry,One other thing I'd like to throw into the mix. This whole discussion is being viewed, it seems to me from the wrong perspective. The attitude that the entire A/V industry should have a common naming convention seems to be coming from the open source camp...whileA/V companies aren't necessarily open source. Companies in general are about making money, and youdo that through establishing and maintaining competitive advantages. Expending resources (ie, people, money, time, etc) on an endeavor to establish and maintain a common naming scheme is an expenditure that has very little (if any) ROI...it can't be justified to investors.
I think that the problem is being looked at as an industry policing issue when it's really an informational issue. By this I mean that the issue is in how the information on said malware is distributed and "digested" by the masses. If there were a central information repository to go to for all of the advisories and for a combined write-up, it'd reduce some of the confusion. It wouldn't cost the AV vendors a thing because it would be a seperate organization. The trick would be funding. Starting a small site is one thing, but a site of this magnitude would have to be funded somehow. Ad revenue probably wouldn't be enough for the bandwidth/equipment/man-hours to put something like this together...How are A/V companies competitive? They identify and analyze malware, and update their products. Doing itfaster and better than the next guy is the key. Slowing that process down to coordinate with othercompanies dissolves the advantage. Let's say I discover a piece of malware, and call a round table meeting...only to find out that none of the other members have discovered the malware yet. My advantage goes bye-bye.
-Barry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: (no subject), (continued)
- RE: (no subject) Jonathan Grotegut (Aug 09)
- Re: (no subject) Bernardo Quintero (Aug 09)
- Re: (no subject) Frank Knobbe (Aug 09)
- Re: (no subject) Nick FitzGerald (Aug 09)
- Re: (no subject) Maarten (Aug 12)
- Re: (no subject) Nick FitzGerald (Aug 12)
- Re: (no subject) Todd Burroughs (Aug 13)
- Re: (no subject) Harlan Carvey (Aug 13)
- Re: (no subject) Barry Fitzgerald (Aug 13)
- Re: (no subject) Harlan Carvey (Aug 13)
- Re: (no subject) Barry Fitzgerald (Aug 13)
- Re: (no subject) Frank Knobbe (Aug 13)
- Re: (no subject) (try using a friggin subject line...) KF_lists (Aug 13)
- Re: (no subject) Bernardo Quintero (Aug 09)
- RE: (no subject) Jonathan Grotegut (Aug 09)
- Re: (no subject) Nick FitzGerald (Aug 13)
- Re: (no subject) Maarten (Aug 13)
- Re: (no subject) Valdis . Kletnieks (Aug 13)
- Re: (no subject) Maarten (Aug 13)
- Re: (no subject) Nick FitzGerald (Aug 14)
- Re: (no subject) Al Reust (Aug 15)
- Re: (no subject) Maarten (Aug 15)
- Re: (no subject) Michel Messerschmidt (Aug 16)