Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity

From: Ben Laurie (ben@algroup.co.uk)
Date: 01/30/03

Next message: Curt Wilson: "Re: [Full-Disclosure] SQL Server patch - why doesn't Windows update help?"

Previous message: qobaiashi: "Re: [Full-Disclosure] LAFFING MY SOCKZ OFF"
In reply to: Len Rose: "[Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity"
Next in thread: Georgi Guninski: "Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity"
Reply: Georgi Guninski: "Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Ben Laurie <ben@algroup.co.uk>
To: Len Rose <len@netsys.com>
Date: Thu, 30 Jan 2003 18:52:32 +0000

Len Rose wrote:
> With the recent evidence that CERT informed it's paying members about the
> Sapphire SQL worm before the rest of the world should now indicate that
> they too are not a useful resource for timely and open security information.

This is news why? CERT told me that is what they wanted to do when I
was, errm, in dispute with them over timing of the release of the
OpenSSL holes last year. I believe I mentioned it at the time.

That's one reason I won't pre-notify CERT (or, indeed, anyone else
[other than the vendor]) anymore.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Curt Wilson: "Re: [Full-Disclosure] SQL Server patch - why doesn't Windows update help?"
Previous message: qobaiashi: "Re: [Full-Disclosure] LAFFING MY SOCKZ OFF"
In reply to: Len Rose: "[Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity"
Next in thread: Georgi Guninski: "Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity"
Reply: Georgi Guninski: "Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: What Andrew and sun cant stand is that ...
... Why is it that people continue to bait Harrison? ... evidence to the contrary, he'll never admit he's wrong, so why bother ... > others have shown VMS time and time again to thwart most ... > cert bugs ... ...
(comp.os.vms)
Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity
... >> With the recent evidence that CERT informed it's paying members about ... >> the Sapphire SQL worm before the rest of the world should now indicate ... CERT told me that is what they wanted to do when I ... > [other than the vendor]) anymore. ...
(Full-Disclosure)
Publisher Security
... X509Certificate cert = X509Certificate.CreateFromSignedFile; ... Evidence evidence = new Evidence; ... PolicyLevel policyLevel = PolicyLevel.CreateAppDomainLevel; ... CodeGroup codeGroup = new UnionCodeGroup(new ...
(microsoft.public.dotnet.security)