Re: Scanners and unpublished vulnerabilities - Full Disclosure

From: batz (batsyat_private)
Date: Wed May 29 2002 - 11:35:09 PDT


    On Wed, 29 May 2002, David Litchfield wrote:
    
    :This comment (and some which follow) indicate you've missed one of the key
    :points. When the vendor does release a patch NGSSoftware will follow up with
    :full details as normal. The VNA is not intended to replace our normally full
    :advisory - it simply exists as an interim solution to 'help' ensure vendors
    :release patches in a timely fashion.
    
    Aah, this wasn't clear to me and (evidently) many others. I'm sure it's 
    in there somewhere, but maybe you could emphasize it a bit more?  
    
    :By putting these checks in Typhon, which we've always done, we buy a week or
    :two advantage over something like Nessus.
    
    Indeed. I don't see how this process is even inconsistent with the full
    disclosure approach. I have admittedly been more of an advocate than a 
    practitioner of full disclosure, but maybe someone could point out more
    clearly how this will deprive the underground of its toys? ;) 
    
    Cheers, 
    
    --
    batz
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    



    This archive was generated by hypermail 2b30 : Wed May 29 2002 - 12:55:04 PDT