Forwarded from: John Q. Public <tpublicat_private>

On Tue, 19 Mar 2002, InfoSec News wrote:

|http://www.newsbytes.com/news/02/175273.html
|
|By Brian McWilliams, Newsbytes
|BURLINGTON, MASSACHUSETTS, U.S.A.,
|18 Mar 2002, 2:26 PM CST
|
|Proponents of an effort to standardize the handling of computer
|security vulnerabilities today aborted the effort after receiving
|critical comments from reviewers.

This makes me wonder if there was any thought put into multiple "standards" that would allow for organizations to pick one and stick with it. I believe there does need to be a concrete set of rules for security folks, but I don't think that one set of rules will fit everybody's position. I would not be surprised if we had up to three "choices" and each were adopted in nearly equal amounts. At least then, there would be steps and policies that each group should abide by, and would help keep them out of trouble.

Perhaps an aftereffect of this would be that all parties would soon realize that version "Delta" was less effective (or more destructive) than version "Alpha." Additionally, we could see vendors request that reporters use a particular version over another one if it fits their timelines and responsibilities (but, of course, they will pick the most time-consuming and self-protective versions)

.nhoJ

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 04:33:45 PST