Forwarded from: John Q. Public <tpublicat_private> Just because you have a state-sponsored religion doesn't mean you'll convert everyone. I commend Steve and Chris for attempting this, but without a LOT of compromise, people are still going to bicker about which way is right. And we all know MS doesn't utilize RFCs to the letter, they tend to add their own features and break functionality for their own needs. Just an example of how well RFCs are upheld in the real world. Don't get me wrong, I'll go read it, but I'm sure I can come up with a handfull of people who will love it and equally as many who will hate it. .nhoJ On Fri, 22 Feb 2002, InfoSec News wrote: |http://www.newsbytes.com/news/02/174683.html | |By Steven Bonisteel, Newsbytes |CAMBRIDGE MASSACHUSETTS, U.S.A., |21 Feb 2002, 5:21 PM CST | |A pair of computer security researchers are seeking comments on a |proposal to bring order to the reporting and fixing of security holes |in software, a process that frequently takes place in adversarial |arenas. | |In a document known as an Internet Draft submitted to the Internet |Engineering Task Force (IETF), Steve Christey of MITRE and Chris |Wysopal of @stake outline what could become standard procedures for |both bug hunters and software vendors when dealing with newly |discovered vulnerabilities. | |The "Responsible Disclosure Process" Internet Draft comes as even |Internet security sleuths themselves continue to debate how quickly |they should publish their reports and how detailed they should be. |Meanwhile, software giant Microsoft Corp. has been the most vocal |among vendors who have criticized the bug hunters for reporting |problems before they are patched. | [...] | |The full Internet Draft can be found here: |http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 04:02:40 PST