Re: RussRe: Call to arms - INFORMATION ANARCHY

From: Piotr Flakowski@SMTP (Flakowski@SMTP)
Date: 11/03/01


Message-ID:  <OFC6761229.557D8788-ONC1256AF8.007F4274@diamond.philips.com>
Date:         Sat, 3 Nov 2001 00:45:16 +0100
From: "Piotr Flakowski@SMTP" <piotr.flakowski@PHILIPS.COM>
Subject:      Re: RussRe: Call to arms - INFORMATION ANARCHY
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Dear Russ,
Unfortunately, for me, it seems that you are losing proportions with your arguments against the full disclosure issue:
First, the vulnerability is in NO WAY like a gun for everyone. Why? Because a gun can be used to protect... HOW can you use the vulnerability to PROTECT anything/anybody???
Second: it is rather dangerous to rely on some independent government agency to solve anything which is between the customer and the vendor. Beginning with the "independent government agency" illogicality: when it is government it CAN NOT be independent.
Third: the conclusion from your words about the MS products users is: they are a rather stupid bunch, so someone, the MS Angel I suppose, MUST protect them against themselves.
Fourth: Your arguments are not discussing with the proposed procedure at all, you are just authoritatively saying that there should be no full disclosure at all - only the REGISTERED security experts can be delivered such information. I must tell you that it will be an EXTREMELY lucrative position to be such an expert. So maybe let us start from the most important issue: HOW to become such an authorised by MS security expert???? I have no objection against making very much extra money on this issue.
Fifth: There is NO better regulator of all industry-customer problems than the free market with possibilities for the customer to choose from.
To conclude: from my point of sitting you are getting us into pre-"Cuckoo's Egg" ages again... Or maybe into "The Brave New World"???

Cheers,

Piotr Flakowski
Atos Origin Poland
al.Jerozolimskie 195B
02-222 Warszawa
Poland
*************************************************
tel: +48-22-5710155
fax: +48-22-5710033
e-mail: piotr.flakowski@philips.com
