Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity

From: Georgi Guninski (guninski@guninski.com)
Date: 01/31/03

  • Next message: Paul Schmehl: "Re: [Full-Disclosure] RE: [tFull-Disclosure] SQL Server patch - why doesn't Windows update help?" 
    From: Georgi Guninski <guninski@guninski.com>
To: KF <dotslash@snosoft.com>
Date: Fri, 31 Jan 2003 18:20:51 +0200

    KF wrote:
    > Blue Boar wrote:
    >
    >> Georgi Guninski wrote:
    >>
    >>> Recently when I notified some vendors about a vulnerability, I wrote
    >>> something like a license agreement that the info should not be
    >>> disclosed to m$, cert, mitre, sf and others.
    >
    >
    >> What have you got against Mitre?
    >
    >
    > I have certainly seen some of the folks at Mitre go out of their way to
    > get things documented properly and other things of that nature quite a
    > few times. Steven M. Christey in particular...
    >

    Steven M. Christey proposed the responsible disclosure lame draft and signed it.
    I find it quite hipocritical to propose delaying of information, and at the same
    time mitre to get the 0days before they are released.

    Georgi Guninski
    http://www.guninski.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    Relevant Pages