Fwd: Comment on: Microsoft to give partners heads-up on security vulnerabilities

[n3td3v <xploitable () gmail com>]

---------- Forwarded message ----------
From: n3td3v <xploitable () gmail com>
Date: Tue, Aug 5, 2008 at 4:24 PM
Subject: Comment on: Microsoft to give partners heads-up on security
vulnerabilities
To: n3td3v <n3td3v () googlegroups com>


by n3td3v  August 5, 2008 8:17 AM

Verbal contracts of non-disclosure agreements don't work, you need a
new law in place, which I call the responsible disclosure act,
http://seclists.org/fulldisclosure/2008/Jul/0439.html to enforce the
agreement by a law if the agreement is broken. Or are you guys just
gonna do another "oops the cat's out the bag" again like what happened
with the verbal contract agreement Dan Kaminsky had with everyone
before a blog entry leaked the vulnerability by *accident*. Is this
Microsoft agreement of non-disclosure actually enforceable by any
current law? If not a new law is needed to be drawn up, see the link
above, or this "Microsoft Active Protection Program" is gonna turn out
a complete shambles.

http://news.cnet.com/8601-1009_3-10006325.html?communityId=2114&targetCommunityId=2114&messageId=772539#772539

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/