Firewall Wizards mailing list archives
OBSD reaction to CERT advisory
From: "Paul D. Robertson" <proberts () patriot net>
Date: Wed, 9 Oct 2002 09:27:12 -0400 (EDT)
You know, it's probably not really CERT's fault, but when a "vendor" reaction to an advisory paints a specific picture about a "competing" project or product *especially* after the IP Filter/OpenBSD fragfest, it's just not good to republish it. The CERT/CC Addendum *should* have been used in this case, or CERT at least should have contacted Darren Reed to get from "I didn't install an ipf machine, but from looking at the code..." to reality. http://www.kb.cert.org/vuls/id/AAMN-5EQPEF When we get such uttlerly childish public statements in a security venue such as a CERT vulnerability note, it doesn't help anyone. I'd think twice about any using an OS from a team who treats security more like a "celebrity deathmatch" wrestling event than a professional one. I hope Darren does update CERT with a statement about IPFilter, and I hope it's based more on the information Mikael posted here than the stuff CERT did the first or second time around (We've gone from SACKs to TCP congestion control on the CERT side...) Between this, misspelling Mikael's last name, and the fact that his vendor statement didn't show up until round 2, I'm not sure CERT has gained much at all credibility-wise, if anything from times past when they were more widely ridiculed. Republishing this sort of childishness doesn't do CERT any good, and writing it in the first place makes the OBSD team look like a bunch of spoiled brats. Statements like "The problem is in ipf" when there's been zero actual verification, let alone communication with the author should be taken as disinformation. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OBSD reaction to CERT advisory Paul D. Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)
- Re: OBSD reaction to CERT advisory Paul Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)
- Re: OBSD reaction to CERT advisory Darren Reed (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 10)
- Re: OBSD reaction to CERT advisory Darren Reed (Oct 10)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 10)
- Re: OBSD reaction to CERT advisory Darren Reed (Oct 10)
- Re: OBSD reaction to CERT advisory Paul Robertson (Oct 09)
- Re: OBSD reaction to CERT advisory Daniel Hartmeier (Oct 09)