Jon Lasser, 2002-10-30
The new Organization for Internet Safety aims to make vulnerability disclosure more responsible. It's a good idea, but is the group too corporate to pull it off?
Responsible Disclosure by Corporate Fiat
2002-10-31
Bob Dowling <rjd4@cam.ac.uk> (1 replies)
OIS
2002-10-31
batz
The OIS will have little or no impact on the distribution of vulnerability information. First, they would have to
buy Bugtraq (oops too late) and every other community resource for sharing this information (not going to happen).
Second, they will have to generate new vulnerability informatio...
ir-Responsible Disclosure by Corporate Fiat
2002-11-01
Lurker
You state it differently this time, but you are still pushing some kind of "133t" group of public-minded corps, that would withhold information vital to ALL security people until "they felt" it was safe to let me know my systems were vulnerable.
Prob is your 133t group of people are the ones who...
Responsible Disclosure by Corporate Fiat
2002-11-06
Anonymous
if i find a bug, and i choose to disclose it, why should i follow some 3rd party standard, written by a bunch of people i either don't know or have no respect for. i don't care if your average bugtraq reader doesn't respect me.
this standard will only help big companies silence independents. ...
Responsible Disclosure by Corporate Fiat
2002-11-10
Anonymous
The fundamental conflict that occurs here between vendors who want to conceal vulnerabilities and thereby reduce their costs to fix them (by any means necessary, including lying, denial, and willful ignorance), and people who have to deal with the fallout of irresponsible vendor behavior is not o...

Suppose I report a security flaw to a vendor. What's to stop them responding with a court order gagging me? It doesn't matter if the court order wouldn't stand up to challenge. I...