Forwarded from: Chris Wysopal <cwysopalat_private> There already is an independent list for disclosing vulnerabilities. It is vulnwatchat_private Vulnwatch was created a year ago by Steve Manzuik, Rain Forest Puppy, and me. We saw the industry relying on a single point of failure for getting out timely vulnerability information. We are the current moderators but we are in the process of adding 2 new moderators whose names you will recognize if you follow advisories. We are still looking for a moderator from the far east or hawaii to reach our goal of 24 hour moderation coverage. As it stands now RFP needs to stay up until 2am. :) Vulnwatch has over 4000 subscribers. It is an all vulnerability list. No discussion. Vendor bulletins are only approved if they add new information. The idea is fresh vulnerability information straight up. You can take a look at the archives to get a feel for the list: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/ Subscription info at www.vulnwatch.org. -Chris InfoSec News wrote: > http://www.nwfusion.com/news/2002/0717syman2.html > > [Several ISN readers sent word of the $355 million Symantec buying > spree, and you start to wonder how much more $$$ Symantec has > sitting in the petty cash box for future acquisitions and whose > next? Other questions come to mind, since Symantec has a track > record of overhyping virus warnings, who isn't to say that the same > won't become the norm with security holes? also troubling me is that > Symantec being the large one-stop security group it is now, might > hold onto security vulerabilties of Symantec products. Lastly, if > some of these fears become reality, you have to wonder if there's > going to be a new independent mailing list for security > vulnerabilities. ;) - WK] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Jul 19 2002 - 12:04:05 PDT