Re: Pro Disclosure (was Re: UnixWare)

[scs () lokkur dexter mi us (Steve Simmons)]

> . . . I'm optimistic that the typical time between bug discovery
> and widespread bug fixing may drop from years to months. Maybe even,
> with work, to weeks. Once lots of people are exploiting the bug, I
> think keeping it out of system administrators' hands changes from
> well-intentioned foolishness to seriously irresponsible, destructive
> behavior.
>
> This, as best I recall, is why the bugtraq list was started.

Right.  And Pauls point was that having CERT is better than not having
CERT.  It fills a function, but not the function that bugtraq fills.

Bashing CERT isn't part of bugtraqs function.  Maybe we need to require
all postings to report an open hole.  :-)

ObBugReport: NIS.