nanog mailing list archives
Re: NSP-SEC
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 20 Mar 2010 22:12:40 +0200
On 3/20/10 8:37 PM, William Pitcock wrote:
> That is not what I mean and you know it.

What do you mean then? Hank made a good point on the type of traffic normally going through these groups.
> What I mean is: why can't anyone contribute valuable information to the security community? It is next to impossible to meet so-called 'trusted people' if you're new to the game, which is counter-productive.
Well, that's not transparency at all. That's about being able to get connected, and be trusted. That's called a process.
Now, I've been preaching public engagement for years now, and indeed also made several attempts in this regard -- some very successful, others failed miserably.
There are three suggestions I can make:
1. Join the open mailing lists and show your usefulness. Places where a lot of us hang out (depending on communities): NANOG, funsec.
2. Show you are responsive and responsible in handling issues in your own back yard.
3. Go to conferences and drink beer with people.
> If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it?
That's a completely different question yet again, on vulnerability disclosure. In this particular case, try Cisco PSIRT.
I recently wrote a post on how to handle the PR aspects of vulnerability disclosure, but it covers the basics in the first few paragraphs and I think it will clear the subject for you.
http://www.darkreading.com/blog/archives/2009/12/security_pr_str.html

Gadi.

> William
-- Gadi Evron, ge () linuxbox org. Blog: http://gevron.livejournal.com/