Re: [ISN] Hacker watchdog group in the works

From: InfoSec News (isnat_private)
Date: Mon Nov 12 2001 - 01:42:48 PST

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - November 9th 2001"

    Forwarded from: Robert G. Ferrell <rferrellat_private>
    > MOUNTAIN VIEW, Calif. -- Microsoft and five security companies
    > announced on Thursday that they would create an organization to
    > promote the responsible publishing of information about software
    > flaws.
    Sorry, but "Microsoft" and "responsible" in the same sentence pegged
    my incongruity meter.
    My inherent distrust of vendor-initiated and/or moderated forums
    devolves from the simple fact that vendors (understandably) want to
    downplay the severity and potential consequences of vulnerabilities
    discovered in their products.  As a consequence, while we might get
    the bare bones facts about a security flaw and maybe even a fix, we
    aren't likely to get anything like the exhaustive analysis of the
    engineering issues underlying a particular vulnerability that now
    frequently accompanies announcements by independent security analysts.  
    This in effect means that we simply have to trust the vendors to kiss
    it and make everything all better, despite the fact that they're the
    same ones who shipped the product with the flaw in the first place.
    I don't know about you folks, but applying the traditional Redmond
    'black box' principle to security gives me the heebie-jeebies.
    Robert G. Ferrell
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 07:03:36 PST