CERT's vulnerability disclosure policy draws fire

[Dave Farber <dave () farber net>]

CERT's vulnerability disclosure policy draws fire

Security researcher Mark Litchfield doesn't agree with the
CERT Coordination Center's policy of giving information about
vulnerabilities to government agencies and other organizations
before passing it on to IT workers. CERT says it is taking a
reasoned approach in giving critical infrastructure and system
operators notice prior to general release. An easy solution to
this conflict doesn't exist. On one hand, you want to keep a lid
on the information until a fix is found. On the other hand,
anyone impacted has a right to know, not just the Department of
Homeland Security.

http://cl.com.com/Click?q=4f-Iar4IIUc_gagS2zQwA9is1BFn0PR

------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/