Full Disclosure mailing list archives
RE: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
From: "Steve W. Manzuik" <steve () entrenchtech com>
Date: Sun, 4 Jul 2004 21:38:49 -0600
Interesting they skipped VulnWatch in this mailing.........
-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of dave
Sent: Sunday, July 04, 2004 11:19 AM
To: OIS
Cc: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM; bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Dailydave] Re: [Full-disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines

Nobody trusts the OIS or its motives. I imagine this is similar to the feedback you've gotten from everyone else as well, but Immunity has no plans to subscribe to your guidelines, and is going to oppose any efforts you make to legislate those guidelines as law.

In section 1.1 the draft proposes that the purpose of the OIS's model is to protect systems from vulnerabilities. This is fairly obviously untrue - the purpose of the OIS is to lobby towards a business model for Microsoft and the other OIS members that involves the removal of non-compliant security researchers. This call for feedback is a thinly disguised attempt to get public legitimacy and allow the OIS to claim it has community backing, which it clearly does not.

It's rare, but there are still security companies and individuals who do not owe their entire business to money from Microsoft.

It's July 4th, and some of us are Americans who understand the concept of independence.

Dave Aitel
Immunity, Inc.

OIS wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Organization for Internet Safety (OIS) extends an invitation to the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing lists to participate in the ongoing public review of the OIS Security Vulnerability Reporting and Response Guidelines.

The OIS reviews the Guidelines annually to ensure that they remain useful and relevant to the security community and, most importantly, to the millions of computer users who are the ultimate beneficiaries of effective computer security practices.

Over the past year, OIS has received feedback from many adopters of the Guidelines as well as from several public-private partnerships, and has incorporated much of this feedback into an interim version that is available at http://www.oisafety.org/review/draft-1.5.pdf. We recommend reviewing the interim version, but reviewers are welcome to provide feedback on the original version at http://www.oisafety.org/reference/process.pdf if they would like.

For more information on the public review, please visit http://www.oisafety.org/review-1.5.html. The closing date for the review has been extended until 16 July 2004. We look forward to your feedback.

Regards,
The Organization for Internet Safety
www.oisafety.org

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
KWNTvxgQVKXiC1OU9CR/rXYF
=4mT/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Public Review of OIS Security Vulnerability Reporting and Response Guidelines OIS (Jul 02)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines dave (Jul 04)
- RE: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Steve W. Manzuik (Jul 04)
- Re: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Halvar Flake (Jul 05)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Pete Herzog (Jul 05)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines rsh (Jul 06)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Nigel Stepp (Jul 08)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Fred Mobach (Jul 04)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Randy Bush (Jul 05)
- RE: Public Review of OIS Security Vulnerability Reporting and Response Guidelines Thomas48 (Jul 06)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines ET LoWNOISE (Jul 08)
(Thread continues...)
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines dave (Jul 04)