Re: Product review postings (was Administrivia)

From: Mark C. Langston (markat_private)
Date: Tue Jul 08 2003 - 11:41:30 PDT


    On Tue, Jul 08, 2003 at 12:19:45PM -0600, Alfred Huger wrote:
    > 
    > 
    > Please do not confuse this with Full Disclosure of vulnerabilities and
    > criticism of products. The two issues are wholly separate and I am
    > guessing you actually do understand the distinction. I have no problem
    > with critical information being posted so long as the poster is
    > accountable for his or her statements.
    > 
    
    
    So you will now require all vulnerabilities posted to be traceable back
    to the individual who discovered and/or publicized the vulnerability?
    Can you not see the chilling effect this would have?  Many
    vulnerabilities would not be publicised, and those that were would
    quite possibly be actionable under the DMCA.  Those that weren't
    may still present problems other posters have raised, such as the
    advertisement of problems with one's own products (in effect,
    anonymous whistleblowing), or with one's own purchases (which would
    be a welcome mat for anyone wishing to penetrate that individual's
    infrastructure).
    
    I understand your frustration, but here I believe the bad outweighs
    the good, and I've yet to see an explanation of the good inherent
    in this policy.  Accountability is fine, but accountability to
    what ends?  If someone misbehaves, you can throw them off the list
    by removing their e-mail address from the list.  You do not require
    a real name to accomplish this.
    
    -- 
    Mark C. Langston                                    Sr. Unix SysAdmin
    markat_private                                       markat_private
    Systems & Network Admin                                SETI Institute
    http://bitshift.org                               http://www.seti.org
    
    



    This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 11:46:02 PDT