Full Disclosure mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Marc Slemko)
Date: Thu, 11 Jul 2002 09:22:45 -0700 (PDT)
On Thu, 11 Jul 2002, Blue Boar wrote:
Simon Richter wrote:To me, the term "full disclosure" does not mean "make it available as fast as possible", but rather "here is the information, expect it to leak in the next two weeks, so go out and fix the bug". The current bugtraq scheme enforces that, and I believe they are doing a great job.There is no Bugtraq "scheme". The Bugtraq moderator does not hold any posts. The poster gets to decide when his informatino is released. The people who post to Bugtraq as just as able to blindside a vendor as on any other mailing list.
Speaking from personal experience, the current bugtraq moderator does, and the previous moderator also did, "hold" certain posts. The cases I have seen fall into one of two categories: 1. having doubts about the authenticity of the information in the post 2. seeing if the poster would like to voluntarily withhold it temporarily and work with vendors. Certainly, if the authenticity of the information is not in question and if the poster insists on posting it, then I have no indication that it would be withheld. I also don't have any reason to think this happens frequently. But there is an extra layer there that, in some cases, does result in submitted posts being delayed, normally with the consent of the poster. I'm not really sure of the need for a "full-disclosure" list, but time will tell. BTW, spewing "[full-disclosure]" into the subject line is a very annoying thing for a list to do.
Current thread:
- Re: Announcing new security mailing list Simon Richter (Jul 11)
- Re: Announcing new security mailing list John Cartwright (Jul 11)
- Re: Announcing new security mailing list Steve (Jul 11)
- Re: Announcing new security mailing list Simon Richter (Jul 11)
- Re: Announcing new security mailing list Kurt Seifried (Jul 11)
- Re: Announcing new security mailing list Ron DuFresne (Jul 11)
- Re: Announcing new security mailing list John Cartwright (Jul 11)
- Re: Announcing new security mailing list Blue Boar (Jul 11)
- Re: Announcing new security mailing list Marc Slemko (Jul 11)
- Re: Announcing new security mailing list Ron DuFresne (Jul 11)
- Re: Announcing new security mailing list Lupe Christoph (Jul 12)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list V K (Jul 13)
- Re:Flares and personal opinions Berend-Jan Wever (Jul 13)
- Re:Flares and personal opinions Nick FitzGerald (Jul 13)
- Re:Flares and personal opinions David Benfell (Jul 14)
- Re: Announcing new security mailing list Marc Slemko (Jul 11)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list Ulf H{rnhammar (Jul 13)