Full Disclosure mailing list archives

Re: it's all about timing
From: full-disclosure () lists netsys com (Tom Perrine)
Date: Thu, 1 Aug 2002 09:57:37 -0700

On Thu, 01 Aug 2002 16:03:33 +0300, Georgi Guninski <guninski () guninski com> said:

    GG> What scares me is that the "Responsible Disclosure" FUD continues.
    GG> On bugtraq people write that CERT and SecurityFocus are "established parties" and 
    GG> everyone who does not give them their 0days is irresponsible (at least CERT is 
    GG> known to sell 0days). I personally won't give them my 0days early.

I would like to see evidence that CERT "sells 0days".  Pretty
significant claim.  Although, I probably wouldn't disclose the actual
exploits to CERT, just to the vendor.

    GG> The "Responsible Disclosure" draft continues to get advertised, though it was 
    GG> not approved by IETF.

This is the problem.  IETF had a chance to put a stake in the ground,
and didn't.

-- 
Tom E. Perrine <tep () SDSC EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 

