Home page logo

bugtraq logo Bugtraq mailing list archives

From: Peter Barker <pbarker () BARKER DROPBEAR ID AU>
Date: Tue, 5 Sep 2000 18:41:34 +1100

On Mon, 4 Sep 2000, Warner Losh wrote:

I know that various groups in the past have tried to strike a balance
between vendor coordination and forcing a release to spur the vendors


What's really needed is a vulnerability stamping service :-).  In the

I've thought that a bugtraq "delayed-action" script could do this.

Mail to, for example, "bugraq-14days () securityfocus com" would be
acknowledged by the server as being in the queue to be posted to
"bugtraq () securityfocus com" after (guess!) 14 days. A warning at 1 day may
also be sent to the advisory author.

Upon posting, original receipt date of the post should be obvious.

A "key" could be issued which, if used, should indicate to the list server
that the advisory should be broken out of the queue and posted to the

This should do three things:

 - establish (for those need the ego-boost) who got in first with a
 - give the vendor time to respond
 - if cc'd to the appropriate contact for the compromised software, gives
them a date to work to - and a sword over their heads.


Peter Barker                          |   N    _--_|\ /---- Barham, Vic
Programmer,Sysadmin,Geek              | W + E /     /\
pbarker-btq () barker dropbear id au     |   S   _,--?_*<-- Canberra
You need a bigger hammer.             |             v    [35S, 149E]
"Note: Silencing the alarm does not solve the problem that caused it."
 -- Sola (UPS) Users Guide

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]