Information Security News mailing list archives
Re: Hacker watchdog group in the works
From: InfoSec News <isn () c4i org>
Date: Mon, 12 Nov 2001 03:42:48 -0600 (CST)
Forwarded from: Robert G. Ferrell <rferrell () texas net>
MOUNTAIN VIEW, Calif. -- Microsoft and five security companies announced on Thursday that they would create an organization to promote the responsible publishing of information about software flaws.
Sorry, but "Microsoft" and "responsible" in the same sentence pegged my incongruity meter. My inherent distrust of vendor-initiated and/or moderated forums devolves from the simple fact that vendors (understandably) want to downplay the severity and potential consequences of vulnerabilities discovered in their products. As a consequence, while we might get the bare bones facts about a security flaw and maybe even a fix, we aren't likely to get anything like the exhaustive analysis of the engineering issues underlying a particular vulnerability that now frequently accompanies announcements by independent security analysts. This in effect means that we simply have to trust the vendors to kiss it and make everything all better, despite the fact that they're the same ones who shipped the product with the flaw in the first place.

I don't know about you folks, but applying the traditional Redmond 'black box' principle to security gives me the heebie-jeebies.

Cheers,

RGF

Robert G. Ferrell
rferrell () texas net

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.