RE: Product review postings (was Administrivia)

From: James Stibbards (jstibbarat_private)
Date: Wed Jul 09 2003 - 08:41:31 PDT


    *de-lurk*
    
    Martyn, that sounds reasonable, except for the part about all the 
    extra work involved, certainly for the moderator.  I don't think it's 
    practical to have an out-of-band submittal mechanism for "full and 
    complete support for the point/issue being made".  I like the intent,
    but not the resulting process burden.
    
    I think the practical solution is to let people post anonymously, and 
    let us consumers regard the source as reliable/or not and the content 
    as useful/or not, based on our needs at the time.
    
    Regards,
    - James
    
    James W. Stibbards
    Sr. Security Consultant, Cigital, Inc.
    email: jstibbardsat_private
    phone: (703) 404-5750
    
    -----Original Message-----
    From: martyn.a.robertsat_private [mailto:martyn.a.robertsat_private]
    Sent: Wednesday, July 09, 2003 5:02 AM
    To: ahat_private
    Cc: pen-testat_private
    Subject: RE: Product review postings (was Administrivia)
    
    
    
    Hi,
    
    From a regular reader but an infrequent poster.
    
    I see some of the issues with allowing anonymous posts/reviews as well as
    some of the losses that may arise from not permitting them.
    
    Could not some of the problems be overcome by something similar to the
    following:
    
    Anonymous posts are allowed only if full and complete support for the
    point/issue being made also has to be submitted. If full and complete proof
    cannot be supplied. Say for example it is a case where you must do A whilst
    watching B. In this case the details to reproduce this behaviour (as is
    published in peer reviewed journals) must be supplied. Then the moderator if
    they have time (not likely in most cases I know) can test/check or maybe
    post a message (I have a report that X has an issue, I need help to confirm
    this, non-anonymous help is requested, the following equipment is needed for
    this task ...)
    After a successful confirmation the original issue can be posted.
    
    The above would help in that we would still have access to information that
    a person (for work, financial whatever reasons) wishes to disown, but that
    has an extra (but not too onerous) work effort and so hopefully will not be
    trivially abused and has also been shown to be true.
    
    Maybe things like the anonymous poster also needing to supply to the
    moderator an email contact that remains anonymous but that is used for
    correspondence. This may well generate too much work for the moderator
    (comments Al.)
    
    Cheers,
    M.
    
    ---------------------------------------------------------------------------
    The Lightning Console aggregates IDS events, correlates them with 
    vulnerability info, reduces false positives with the click of a button, and
    distributes this information to hundreds of users.
    
    Visit Tenable Network Security at http://www.tenablesecurity.com to learn 
    more.
    ----------------------------------------------------------------------------
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jul 09 2003 - 10:23:06 PDT