Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Symantec Buys SecurityFocus, among others..
From: full-disclosure () lists netsys com (HggdH)
Date: Thu, 18 Jul 2002 07:39:37 -0600

From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com>
Sent: Wednesday, July 17, 2002 16:32
Subject: Re: [Full-disclosure] Symantec Buys SecurityFocus, among others..


. I mean what do they mean by the vulnerabilities they find ?

I think we are talking about two different things here -- vulnerabilities
reported via BUGTRAQ, and vulnerabilities found elsewhere (internal
research, priviledged access, whatever). Vulnerabilities reported via
BUGTRAQ will still be published on BUGTRAQ, in the same timely way it has
always been. The others... they might take longer to make it to BUGTRAQ.

This is actually not different from what most of those here (us?) do -- when
we receive priviledged information on a vulnerability (or when we find one),
most of us will maintain secrecy for some time -- so that we can contact the
vendor, work out a bypass, play of being a black hat, whatever. At least, we
will NOT publish it until we can verify it's authenticity.

. What they do is just moderate the damn list, and stop slipping useful
. vulnerability details about Microsoft and alike.. wtf?

Hold the fire, folks. Make sure it is an enemy you are firing on.

Give them time. Symantec is a business, yes, but being a business is not
identical to being stupid. The value of BUGTRAQ lies in it's history of
being fair. Elias, and now Dave, have always done a very good job on the
moderation. We may not always agree with them (I myself have had  -- under
other encarnations -- difference on points of view with Elias), but it is
their right, since they are the moderators.


. looks like another one bites the dust.

Again, please remember -- if Symantec decides to censor BUGTRAQ... they will
have killed it in a more effective way than any other. BUGTRAQ is followed
not because it is SecurityFocus, but because it is BUGTRAQ. If BUGTRAQ will
bite the dust, or not, will (hopefully) depend on what Symantec forces in. I
certainly hope it will not die because of what one thinks it is, or is not.
This would be pure prejudice.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]