I have in the past (years pre-securityfocus) been personally attacked with lies about products I've been involved in by anonymous authors, and I, like Al, have seen that anonymous cowards can make a real impact if given the audience. That audience will always exist on full-disclosure and other unmoderated lists, but I don't think there is any reason SF needs to give them a forum. Fact is, the posts that are most harmful don't come across as "y0ur pr0dukt sukz", they are carefully written by intelligent folks who insert their lies into coherent sentences. Even with an equally intelligent statement refuting it by the vendor, there is no real way for a 3rd party observer to know who is telling the truth. I hope SF will go further in building more accountable and secure means for folks in the security industry to be able to communicate with each other over time, but drawing a line in the sand at this absurdity is a good first step. -Dave ------------------- David J. Meltzer djmat_private CTO, Intrusec, Inc. --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 12:33:05 PDT