Vulnerability Development mailing list archives
Re: Another new worm???
From: crispin () WIREX COM (Crispin Cowan)
Date: Thu, 22 Jun 2000 20:53:39 -0700
Blue Boar wrote:
> Any idea what the qualifications are? I assume one would have to agree not to distribute outside of the group. Would the group let in someone who was producing a free AV product?
If "free" == "libre" (GPL) then the license would compel disclosure of the source code, which would in turn disqualify such a project from the requirement to not distribute information outside the group. A policy that makes it impossible to write a GPL'd product says rather clearly that it is a bad policy.
> That is the same as saying "we don't hire hackers." How do you know? MS tried escrowing exploits once... just once (so far.) Aleph1 had a copy of the exploit in less than 24 hours. Not all the guys working for the "proper" people follow the policy like you'd like them to.
I'd like more details & references for this incident. I've proposed a "vulnerability escrow" procedure (adjudicated by a neutral 3rd party) as a way to encourage compliance with Rain Forest Puppy's articulation of sound vulnerability disclosure practices http://www.wiretrip.net/rfp/policy.html

Crispin
--
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org