Full Disclosure mailing list archives

Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more...

From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sun, 13 Mar 2005 18:10:56 +0100 (CET)

On Sat, 12 Mar 2005, J.A. Terranson wrote:

Critical infrastructure serves us ALL, and must be first on the fix wagon.


There should be no serious vulnerabilities in the "critical
infrastructure" in the first place.

If the infrastructure is really critical, i.e. its failure would kill
people, then every time a serious vulnerability is found, one of the
responsible PHBs should be shot. (This is the way they are already doing 
it in China, isn't it?)

Vendors, to be able to demonstrate how serious they are when their PR says
their products are absolutely secure, may offer a service to sacrifice one
of their own PHBs instead of the client's one.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Current thread:

Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... Jason Coombs (Mar 12)
- Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... J.A. Terranson (Mar 12)
  - Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... Pavel Kankovsky (Mar 13)