2002-10-30
The new Organization for Internet Safety aims to make vulnerability disclosure more responsible. It's a good idea, but is the group too corporate to pull it off?
Responsible Disclosure by Corporate Fiat
Prob is your 133t group of people are the ones who: 1) failed to do it right the first time, 2) don't want to suffer "bad publicity" for it (and the bad publicity is worse in their minds than fixing the problem), 3) have millions of reasons to bury the flaws as long as possible.
We can live with the vendors getting disclosed on day one for security holes. We are in more danger from your suggestion than from continuing the way we are. Heck, we can always disconnect from the net if it becomes the only choice between saving or losing data - IF WE KNOW THERE IS A PROBLEM!!!
Your plan requires everyone to depend on vendors to do the right thing. Historically, not only have they failed to do so, but they have shown their belief: their reputation is more important than our data and/or security.
I would rather see the vendors working their butts off trying to fix a hole that was published and is getting exploited by a hack, than have the same vendor taking his time, 'cause "no one knows".
I hope with all my heart, your plan fails.
Oh yeah, I'm against it....
Link to this comment: http://www.securityfocus.com/comments/columns/120/17015#17015