Bugtraq mailing list archives
Re: UnixWare
From: mcn () nostromo c3 lanl gov (Michael Neuman)
Date: Wed, 27 Apr 1994 12:01:16 -0600
From spaf () cs purdue edu Wed Apr 27 11:52:25 1994
Just a comment on:CERT reacts far too slowly to reported holes. I'd much rather shut down some functionality on my system to wait for a patch than leave systems wide open while waiting for a report to come from CERT.If you are using a commercial system like UnixWare, then what the heck is wrong with your vendor that they aren't responding quickly? CERT passes vulnerabilities on to vendors. When vendors inform them of a patch, CERT publishes it. But it is the *vendors* that are slow in the process. CERT doesn't fix things. If you are going to direct criticism, direct it where it belongs -- at vendors (and at customers who blindly buy the crap some vendors put out).
I'd agree with you EXCEPT I wasn't suggesting CERT should "fix the bugs faster" as you imply. I'm complaining that they get a report of a hole, pass it on to the vendors, and that's it. As I said above, I'd much rather shut down some functionality on my system and wait for a patch then leave my systems wide open. This is not a criticism of CERT per se, but just the systems we have in place in general. If CERT doesn't want this task of sending out advisories that look like, "There's a problem in rdist, shut it down completely until a patch is available or else..." than someone else should. CERT does do some great incident coordination--my interactions with them (through CIAC) have been great. However, I just wish their roll would be expanded a little more. -Mike
Current thread:
- Re: UnixWare, (continued)
- Re: UnixWare David A. Curry (Apr 28)
- HP's security stance (was Re: UnixWare) Bennett Todd (Apr 28)
- Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
- Re: UnixWare Christopher Klaus (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Bonfield James (Apr 28)
- Re: UnixWare Ron McDowell (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Bennett Todd (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare (I think it's time to pick a new subject) Doug Hughes (Apr 28)
- Re: UnixWare Marc W. Mengel (Apr 29)
- Re: UnixWare Daniel R Ehrlich (Apr 28)