>>>>> On Thu, 01 Aug 2002 16:03:33 +0300, Georgi Guninski <guninskiat_private> said:

GG> What scares me is that the "Responsible Disclosure" FUD continues.
GG> On bugtraq people write that CERT and SecurityFocus are "established parties" and
GG> everyone who does not give them their 0days is irresponsible (at least CERT is
GG> known to sell 0days). I personally won't give them my 0days early.

I would like to see evidence that CERT "sells 0days". Pretty significant claim.

Although, I probably wouldn't disclose the actual exploits to CERT, just to the vendor.

GG> The "Responsible Disclosure" draft continues to get advertised, though it was
GG> not approved by IETF.

This is the problem. IETF had a chance to put a stake in the ground, and didn't.

--
Tom E. Perrine <tepat_private> | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ |
_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosureat_private
http://lists.netsys.com/mailman/listinfo/full-disclosure
This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 10:26:39 PDT