nanog mailing list archives

Re: "Cisco gate" and "Meet the Fed" at Defcon....


From: Dan Hollis <goemon () anime net>
Date: Mon, 1 Aug 2005 00:38:26 -0700 (PDT)


On Sun, 31 Jul 2005, Fergie (Paul Ferguson) wrote:
No one ever said the Internet wasn't chock full of contradictions.
On one hand, we have what some are now calling "Cisco gate":
http://news.com.com/Hackers+rally+behind+Cisco+flaw+finder/2100-1002_3-5812044.html

<quote>Alder then blasted Cisco for going after Lynn.
"Cisco, you are really screwing up," she said, followed by a round of 
applause. "Suing researchers is not going to make you secure. Alienating 
the security community is not going to encourage people to come to you and 
report problems and work with you."</quote>

Agreed 100%.

Cisco, are you listening?

By this misbehavior you are seriously discouraging researchers from 
releasing info to you. They will suspect you'll sit on the exploit for 
months and not tell anyone (as you did with this one). They'll be afraid 
you'll try to kill the messenger (as you did with this one).

Instead, they're just going to release exploits into the wild anonymously. 
Is this what you want? Then keep it up.

-Dan

