| Seems to me like a thinly veiled marketing announcement.  Worked, too.
|
| I don't notice anything _too_ radically separated from well known
| vulnerability disclosure methods, with the singular exception that
| they do not make accommodations for a responsive vendor who has not
| yet released a patch, which is in contrast to the RFPolicy, a well
| known disclosure roadmap, and the referenced Christey-Wysopal policy.
|
| I read it as "Buy our scanner and you'll have access to vulnerabilities
| others don't yet have".
|
> >
> >I couldn't agree more. I personally see it as a ploy touting the
> >fact that their purchasable product will now and then be able to
> >look for some vulnerabilities that other products won't be able to.
>
> And this is wrong how? If David can protect his customers on a pro-active
> basis and allow them to assess their own risk I can't see how you find fault
> in it.
>

My original point was not that this is wrong or right. I wasn't trying
to make any value judgments on the merit of this process, but instead on
the overall technical value of the announcement. It is rather like my
announcement that my name is Drew Simonis, but I've decided to spell it
"Drew simonis". (note the lowercase!) I hardly think this would start a
rollicking discussion or new group in alt.genealogy.surnames.*

In short, there is nothing of value in the announcement. They are
telling us that they are going to follow well known disclosure policies.
Isn't that a given for a respectable company? This is why I
characterized the announcement as a marketing ploy... for the lack of
content, not the value of the content.