Full Disclosure mailing list archives
Re: CERT, Full Disclosure, and Security By Obscurity
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 31 Jan 2003 00:21:05 +0200
Ben Laurie wrote:
Len Rose wrote:With the recent evidence that CERT informed it's paying members about the Sapphire SQL worm before the rest of the world should now indicate that they too are not a useful resource for timely and open security information.This is news why? CERT told me that is what they wanted to do when I was, errm, in dispute with them over timing of the release of the OpenSSL holes last year. I believe I mentioned it at the time.That's one reason I won't pre-notify CERT (or, indeed, anyone else [other than the vendor]) anymore.
According to: http://www.businessweek.com/technology/cnet/stories/982663.htm".....But Litchfield said he felt "a betrayal of trust" because CERT had "leaked (the information) to certain organizations and government departments" before passing it on to IT workers...."
There was more interesting article on eweek yesterday.Recently when I notified some vendors about a vulnerability, I wrote something like a license agreement that the info should not be disclosed to m$, cert, mitre, sf and others.
Georgi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- CERT, Full Disclosure, and Security By Obscurity Len Rose (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Jason Coombs (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Grant Bayley (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Darren Reed (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Grant Bayley (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Grant Bayley (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Jason Coombs (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Ben Laurie (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Georgi Guninski (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Blue Boar (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity KF (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Georgi Guninski (Jan 31)
- Re: CERT, Full Disclosure, and Security By O hellNbak (Jan 31)
- Re: CERT, Full Disclosure, and Security By Obscurity Georgi Guninski (Jan 30)
