Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Fwd: Information on MS99-022
From: weld () L0PHT COM (Weld Pond)
Date: Mon, 5 Jul 1999 08:14:47 -0500


On Sun, 4 Jul 1999, Renaud Deraison wrote:

And I'm writing a free security auditing tool, and I won't be able to
implement a security check for this, because I'm not a "vendor" ?
(apparently only software vendors are welcomed to the ICSA's IDC --
 they did not reply to my request of being admitted in this consortium
 [so that I could get information about this flaw])

I have an idea. To counter this information witholding problem, non-vendor
individuals who find security problems should have mailing lists that only
non-vendor individuals are on.  Yeah, sure the information will eventually
leak out but it will take much longer for the problems to be fixed by the
vendors. Of course Microsoft and members of their selected consortia would
be forbidden to join the list.

Does this seem like a good idea? Well personally I think it is crazy but
it is exactly what Microsoft is asking individual security contributers
and practitioners to accept, albeit shoe on other foot.

-weld


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]