Full Disclosure mailing list archives

Re: XSS at Citibank.co.uk


From: bruen () coldrain net
Date: Sun, 14 Aug 2005 06:59:49 -0400 (EDT)

Hi Jim,

  Besides the obvious, exactly why should Cisco or any other vendor in our
business be shielded from public scrutiny on products which are faulty? I
am sure that Merck would like to have kept Vioxx on the market, even
though people died from it. I am just as sure that Guidant Corp did not
want the problems with their pacemakers made public, so that they have to
fix them for free. What about Ford Explorers and exploding tires? They
can't even give them away today. Since there is no equivalent to Consumer
Reports for us, we are left with public disclosure.

 If it is important enough to stop public disclosure of problems, then
it's important enough for vendors to start taking responsibility for what
they produce. The resources going into stopping public disclosure would be
better used to help secure the products. Those lawyer fees would be a good
start.

                      regards, bob


On Sun, 14 Aug 2005, Jim Duncan wrote:
While any method of contact is better than none, may I suggest you check
the list of FIRST teams at http://www.first.org/ before posting
publicly?  While I can't guarantee any given organization will be a
member -- nor can I guarantee a response to the given address --
Citigroup is a long-time member of FIRST, and their first-team members
have demonstrated excellent responsiveness in the past.
snip... 
FIRST Steering Committee Member and FIRST.Org, Inc., Board of Directors

-- 
Dr. Robert Bruen
Cold Rain Technologies 
http://coldrain.net
+1.802.579.6288

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

