Firewall Wizards mailing list archives
Re: recent disclosure debates
From: Barney Wolff <barney () tp databus com>
Date: Sun, 15 Dec 2002 21:33:05 -0500
On Sun, Dec 15, 2002 at 09:14:53PM -0500, R. DuFresne wrote:
This posting was pretty enlightening on the issue:
Well, no, it wasn't. Despite all the verbiage, the fact remains that ISS released the vulnerability before patches were available to many or most of the people who needed them. If ISC actually refused to release the patches until after the notice, one would think ISS would have said that, but they didn't. So I'm forced to conclude that they released the notice on the scheduled day without checking that ISC had actually released the patches. Both parties look very bad, but ISS is the one more immediately at fault for the premature release, imho. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Barney Wolff (Dec 15)
- Re: recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Barney Wolff (Dec 15)
- Re: recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Adam Shostack (Dec 16)
- Re: recent disclosure debates Paul Robertson (Dec 16)
- Re: recent disclosure debates Adam Shostack (Dec 16)
- Re: recent disclosure debates Paul D. Robertson (Dec 16)
- Re: recent disclosure debates R. DuFresne (Dec 15)
- Re: recent disclosure debates Barney Wolff (Dec 15)
- Re: recent disclosure debates Paul D. Robertson (Dec 15)
- <Possible follow-ups>
- Re: recent disclosure debates ISC Tattler (Dec 17)
- Re: recent disclosure debates Marcus J. Ranum (Dec 17)
- RE: recent disclosure debates Reckhard, Tobias (Dec 17)