oss-sec mailing list archives
Re: Vendor-sec hosting and future of closed lists
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Thu, 3 Mar 2011 16:44:26 -0500 (EST)
On Thu, 3 Mar 2011, Kees Cook wrote:
This certainly underscores that very few flaws need vendor-sec coordination, but I would suspect that out of those roughly 725 flaws, many of the really critical ones came through vendor-sec.
As an outsider with limited visibility into vendor-sec, this would be my impression too. I would imagine that things like major protocol design flaws or critical, hard-to-fix bugs in popular software would still need coordination across multiple parties with a need for non-disclosure for a relatively long period of time. Maybe vendor-sec-2 could handle that need.
- Steve
Current thread:
- Vendor-sec hosting and future of closed lists Marcus Meissner (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Michael Gilbert (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 14)
- Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 03)