Full Disclosure mailing list archives
Re: A funny (but real) story for XMAS
From: "Kurt Seifried" <listuser () seifried org>
Date: Tue, 16 Dec 2003 14:28:24 -0700
The reason OSVDB isn't well populated yet is that each vulnerability has to be evaluated and written up afresh in order to avoid violating any existing DB's copyrights. That takes time. If you want to shorten that time, go volunteer. :-)
I like the idea of osvdb, I have concerns about the execution. I tried to read:

http://www.osvdb.org/terms-conditions.php

But after a few pages got tired of trying to figure out how all the various loopholes and things like "We reserve the right, at our discretion, to change, modify, add or remove portions of these terms periodically." will interact. Then there are things like:

"You agree not to sell, resell or offer for any commercial purposes, any portion of the Services, use of the Services or access to the Services."

So what happens if I reference an osvdb writeup in a commercial product? It would seem even just using whatever identifier osvdb uses for an issue (the name) would violate their terms of service. While the osvdb claims they will use a license similar to the CPL (according to http://www.osvdb.org/status.php/):

http://www.opensource.org/licenses/cpl.php

They then go on to say:

"Currently OSVDB is seeking legal aid to determine how to best reuse the CPL, or draft a similar license."

With all the above loopholes, and the uncertainty about the license and conflicting license/terms of service/etc., I have a feeling this company may pull a CDDB (that is, let people enter stuff, and use it for free and then yank it and go commercial). This is sponsored by two commercial companies and let's face it, at the end of the day if it comes down to making an extra buck, or being "nice to the community", most companies will go with the dollar.

I could be wrong of course, and sincerely hope I am. But the execution of this project makes me nervous.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html