Re: bind 8 info update regarding ISS

From: Georgi Guninski (guninski@GUNINSKI.COM)
Date: 11/18/02

    Date:         Mon, 18 Nov 2002 20:44:41 +0200
    From: Georgi Guninski <guninski@GUNINSKI.COM>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ wrote:

    > Note: The Bugtraq Moderator has informed me that this topic has been closed,
    > but they have graciously allowed me an opportunity to respond to statements
    > made directly at me by mark_sala@yahoo.com.
    >
    > Mark said;
    > "In the end, I'd rather have a security company find the vulnerabilities and
    > work with the vendor to fix, than to stay in the dark and let the holes stay
    > open for intruders to exploit."
    >
    > Where is it stated that there are only two options here? The OIS was formed
    > with the stated goal of defining best practices when it comes to disclosure.
    > This not only suggests there are many (e.g. more than two options), but also
    > that there's disagreement in the community (both the industry and userbase) as
    > to what should be done. Even Mike Warfield's note states there is a fine line
    > and you can never do the "right thing".

    I don't understand why instead of finding bugs you whine about responsibility
    issues - be a real surgeon and kill a bug.
    Personally I don't care why the OIS was formed, but I am glad ISS discloses bugs
    instead of following some rules of an organization of which Microsoft is a member.

    I'd like to question the trustworthiness of
    http://www.oisafety.org/

    Georgi Guninski
    http://www.guninski.com
