Bugtraq mailing list archives
Re: CERT, CIAC, etc. and unethical practices
From: zen () trouble org (d)
Date: Sat, 21 Dec 1996 00:19:17 -0800
In light of the recent discussion that has taken place in regards to {CERT,CIAC,AUSCERT,HP,SGI,etc} and their lack of ethics when it comes to crediting other peoples research; I am happy to announce a LARGE company that just did the exact opposite!
While I applaud lotus, and not to be a wet blanket or anything, I think that more companies would be more enthusiastic about acknowledging contributions of the people on these lists if they perceived us working with them, rather than against them. Posting code to a list & telling the world in no uncertain terms that you think that they are complete assholes and idiots is not the best way to make friends with them. If you don't want to be friendly with 'em, I don't care myself - it's a free world (at least in many places.) Just don't be too surprised when they say, essentially "fuck you" right back at ya by not giving you credit that you definitely deserve. One of the most effective things that I've seen (from working at cert and at a couple of unix vendors), that is, if you want some sort of credit, is to simply notify the vendor/developers/CERTs/whatever of the problem *before* posting it to the list. Give them a bit of time work out a fix, and *then* post the details. You might say that you don't know who to send things to or that they will just take too long to fix it and it's not worth your time, but I sometimes wonder how often people have even tried this approach lately - certainly I haven't seen much complaining lately about trying to talk to them *before* posting it on a list. There are often sympathetic ears at some of these companies, although it can be hard to find them (and perhaps if anyone ever does find one at any company it might be worth posting about it and telling the rest of us who to contact in the future). Again, I think it's great what lotus did, and I'm certainly all for places like the l0pht and yuri and sod and so on (just to name a few places) - it's obvious that there are a lot of bright and talented people out here. But I haven't seen much talent in the ol' PR dept. lately. Just some thoughts - -- d
Current thread:
- Re: CERT, CIAC, etc. and unethical practices d (Dec 21)
- Re: CERT, CIAC, etc. and unethical practices Chris Lavin (Dec 22)
- Re: CERT, CIAC, etc. and unethical practices Joshua Daymont (Dec 22)
- <Possible follow-ups>
- Re: CERT, CIAC, etc. and unethical practices Catherine Allen (Dec 22)