Interesting People mailing list archives
CERT's vulnerability disclosure policy draws fire
From: Dave Farber <dave () farber net>
Date: Fri, 31 Jan 2003 06:44:50 -0500
CERT's vulnerability disclosure policy draws fire Security researcher Mark Litchfield doesn't agree with the CERT Coordination Center's policy of giving information about vulnerabilities to government agencies and other organizations before passing it on to IT workers. CERT says it is taking a reasoned approach in giving critical infrastructure and system operators notice prior to general release. An easy solution to this conflict doesn't exist. On one hand, you want to keep a lid on the information until a fix is found. On the other hand, anyone impacted has a right to know, not just the Department of Homeland Security. http://cl.com.com/Click?q=4f-Iar4IIUc_gagS2zQwA9is1BFn0PR ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To unsubscribe or update your address, click http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- CERT's vulnerability disclosure policy draws fire Dave Farber (Jan 31)