Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
From: "Steve W. Manzuik" <steve () entrenchtech com>
Date: Sun, 4 Jul 2004 21:38:49 -0600

Interesting they skipped VulnWatch in this mailing.........  

-----Original Message-----
From: dailydave-bounces () lists immunitysec com 
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of dave
Sent: Sunday, July 04, 2004 11:19 AM
To: OIS
Cc: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM; 
bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Dailydave] Re: [Full-disclosure] Public Review of 
OIS Security Vulnerability Reporting and Response Guidelines

Nobody trusts the OIS or its motives. I imagine this is 
similar to the feedback you've gotten from everyone else as 
well, but Immunity has no plans to subscribe to your 
guidelines, and is going to oppose any efforts you make to 
legislate those guidelines as law. In section 1.1 the draft 
proposes that the purpose of the OIS's model is to protect 
systems from vulnerabilities. This is fairly obviously untrue 
- the purpose of the OIS is to lobby towards a business model 
for Microsoft and the other OIS members that involves the 
removal of non-compliant security researchers.

This call for feedback is a thinly disguised attempt to get 
public legitimacy and allow the OIS to claim it has community 
backing, which it clearly does not.

It's rare, but there are still security companies and 
individuals who do not owe their entire business to money 
from Microsoft. It's July 4th. 
and some of us are Americans who understand the concept of 
independance.

Dave Aitel
Immunity, Inc.




OIS wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Organization for Internet Safety (OIS) extends an invitation to 
the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing 
lists to participate in the ongoing public review of the 
OIS Security 
Vulnerability Reporting and Response Guidelines.
The OIS reviews the Guidelines annually to ensure that they remain 
useful and relevant to the security community and, most 
importantly, 
to the millions of computer users who are the ultimate 
beneficiaries 
of effective computer security practices.  Over the past 
year, OIS has 
received feedback from many adopters of the Guidelines as 
well as from 
several public-private partnerships, and have incorporated much of 
this feedback into an interim version that is available at 
http://www.oisafety.org/review/draft-1.5.pdf.  We recommend 
reviewing 
the interim version, but reviewers are welcome to provide 
feedback on 
the original version at 
http://www.oisafety.org/reference/process.pdf
if they would like.

For more information on the public review, please visit 
http://www.oisafety.org/review-1.5.html.  The closing date for the 
review has been extended until 16 July 2004.  We look 
forward to your 
feedback.

Regards,

The Organization for Internet Safety
www.oisafety.org

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
KWNTvxgQVKXiC1OU9CR/rXYF
=4mT/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault