Re: [Full-Disclosure] Re: it's all about timing

• Previous message: SGI Security Coordinator: "[Full-Disclosure] Sun RPC xdr_array vulnerability"
• In reply to: Georgi Guninski: "Re: [Full-Disclosure] Re: it's all about timing"
• Next in thread: Georgi Guninski: "Re: [Full-Disclosure] Re: it's all about timing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> On Thu, 01 Aug 2002 16:03:33 +0300, Georgi Guninski <guninskiat_private> said:

    GG> What scares me is that the "Responsible Disclosure" FUD continues.
    GG> On bugtraq people write that CERT and SecurtyFocus are "established parties" and 
    GG> everyone who does not give them their 0days is irresponsible (at least CERT is 
    GG> known to sell 0days). I personally won't give them my 0days early.

I would like to see evidence that CERT "sells 0days".  Pretty
significant claim.  Although, I probably wouldn't disclose the actual
exploits to CERT, just to the vendor.

    GG> The "Responsible Disclosure" draft continues to get advertised, though it was 
    GG> not approved by IETF.

This is the problem.  IETF had a chance to put a stake in the ground,
and didn't.

-- 
Tom E. Perrine <tepat_private> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 
_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosureat_private
http://lists.netsys.com/mailman/listinfo/full-disclosure

• Next message: Leif Sawyer: "[Full-Disclosure] FW: Windows 2000 Service Pack 3 now available."
• Previous message: SGI Security Coordinator: "[Full-Disclosure] Sun RPC xdr_array vulnerability"
• In reply to: Georgi Guninski: "Re: [Full-Disclosure] Re: it's all about timing"
• Next in thread: Georgi Guninski: "Re: [Full-Disclosure] Re: it's all about timing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 10:26:39 PDT