Re: ISS Apache Advisory Response
From: dminor@houston.rr.com
Date: 06/22/02
- Previous message: gobbles@hushmail.com: "Ending a few arguments with one simple attachment."
- Maybe in reply to: Kee Hinckley: "Re: ISS Apache Advisory Response"
- Next in thread: Security Admin: "Re: ISS Apache Advisory Response"
Date: 22 Jun 2002 06:56:36 -0000
From: <dminor@houston.rr.com>
To: bugtraq@securityfocus.com
I've read through just about every single post regarding ISS and the Apache
bug, their advisory release, their defense, and the response of others throughout
the community regarding this issue.
I am not embarrassed to say that I do not agree with ISS's defense. From an
ethical standpoint, I would interpret their handling of the release to be wrong
and a direct contradiction to some of the basic principles and standards under
which IT professionals conduct themselves. This incident had a negative impact
on many people (including the Apache development team) along with those of us
who are responsible for Apache systems. In the five years I've been working
with Linux, I don't recall another incident being handled so poorly.
There are a lot of talented people working with open-source including the
end-users who use these products and I find it rather "dark" to single them
out by saying, "virtual organizations [??] do not have an ability to enforce
strict confidentiality." There is little to be gained by such a statement.
-- Patrick
"Opinions expressed are only mine."