On Sun, 4 Jul 1999, Renaud Deraison wrote: > And I'm writing a free security auditing tool, and I won't be able to > implement a security check for this, because I'm not a "vendor" ? > (apparently only software vendors are welcomed to the ICSA's IDC -- > they did not reply to my request of being admitted in this consortium > [so that I could get information about this flaw]) I have an idea. To counter this information witholding problem, non-vendor individuals who find security problems should have mailing lists that only non-vendor individuals are on. Yeah, sure the information will eventually leak out but it will take much longer for the problems to be fixed by the vendors. Of course Microsoft and members of their selected consortia would be forbidden to join the list. Does this seem like a good idea? Well personally I think it is crazy but it is exactly what Microsoft is asking individual security contributers and practitioners to accept, albeit shoe on other foot. -weld
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:51:41 PDT