I don't think it is unreasonable expectation that people identify themselves when criticizing a product/vendor. I also think that vendor's should be required to go one step farther and identify themselves as _working for_ or _affiliated with_ said vendor. Everyone seems to be assuming that people wrongly criticizing a product can do damage, but what about false or overly positive posts about products? But I also think we are thinking way to hard about this. At this time I am willing, based on past experience, to trust Al to do a good job moderating product/vendor postings. Newspeak=Ari Fleischer Cheers, Clarke Original Message: ----------------- From: David J. Meltzer djmat_private Date: Tue, 08 Jul 2003 15:16:24 -0400 To: pen-testat_private Subject: RE: Product review postings (was Administrivia) I have in the past (years pre-securityfocus) been personally attacked with lies about products I've been involved in by anonymous authors, and I, like Al, have seen that anonymous cowards can make a real impact if given the audience. That audience will always exist on full-disclosure and other unmoderated lists, but I don't think there is any reason SF needs to give them a forum. Fact is, the posts that are most harmful don't come across as "y0ur pr0dukt sukz", they are carefully written by intelligent folks who insert their lies into coherent sentences. Even with an equally intelligent statement refuting it by the vendor, there is no real way for a 3rd party observer to know who is telling the truth. I hope SF will go further in building more accountable and secure means for folks in the security industry to be able to communicate with each other over time, but drawing a line in the sand at this absurdity is a good first step. -Dave ------------------- David J. Meltzer djmat_private CTO, Intrusec, Inc. --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ---------------------------------------------------------------------------- -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 14:42:00 PDT