"Department of Homeland Security" vs. Full Disclosure?

[Dave Farber <dave () farber net>]

From: Ryan Lackey <ryan () venona com>
Subject: "Department of Homeland Security" vs. Full Disclosure?
To: cypherpunks
Date: Tue, 4 Mar 2003 19:56:49 +0000
User-Agent: Mutt/1.5.3i

It appears the DHS is taking responsibility for putting pressure on
those who discover security flaws to keep them quiet until they see
fit to release.  Hopefully in the future those who
discover security flaws will take advantage of the remailer network
and cryptographic signatures to post their findings immediately,
rather than reporting them to the government for processing and delay.

Otherwise, given the government's excellent track record in securing
information, DHS will become the premier location for getting
knowledge of "secret" vulnerabilities.  Plus, is it really a
great stretch to imagine the government will use tit for tat to keep
some vulnerabilities from ever being made public, for their own purposes?
(to have a government-only backdoor, if the vulnerability is
sufficiently well hidden, or to use as leverage with vendors to add
other features for the government, like "this will shame you in the
marketplace, but we can just keep it quiet if you'll play ball with us
on DRM or anti-anonymity in your future products..."

One would think anyone in the "security industry" would be
sufficiently paranoid to not trust the government with this
responsibility.

[http://news.com.com/2100-1009-990879.html?tag=fd_top]
-- 
Ryan Lackey [RL960-RIPE AS24812]   ryan () venona com   +1 202 258 9251
OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B   DE90 07AD BE07 D2E0 301F

------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/