Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

CERT/AUCERT

From: mycroft () datasphere net (Mycroft)
Date: Thu, 19 Dec 1996 11:47:33 -0800

Within the past few months, there has been a decisive trend in
CERT/AUCERT's release of vulnerability notices. A bug appears on
BugTraq, and within hours or days, a AUCERT or CERT vulnerability
notice appears. That is a GoodThing(tm). However. In these notices,
CERT/AUCERT has failed to credit the authors of those exploits. Now,
yes, it is entirely possible CERT/AUCERT has known about these holes
for ages, and just decided not to release a vulnerability notice. Of
course, that can't be true, because that would make them willing
accomplices to break-ins. So, assuming that they didn't know about
these holes, and the way too coincidental timing issue, I would have
to say AUCERT/CERT owes a number of people an apology, at the very
least.

CERT and AUCERT are both funded organizations, bound by the same laws
as the rest of us. CERT, being funded by DOD and other federal
sources, is certainly bound by intellectual property statutes. So if
CERT and AUCERT have truly discovered these holes in parallel with
their known and respective authors, it would be extremely interesting
to see some proof of that.

.mycroft
--
[:]====================================================================[:]
[\] Mycroft <mycroft () datasphere net>       >>>>>[DataSphere]<<<<<      [=]
[=] Key fingerprint = DD B1 A7 D9 2D DF A0 F7  23 C2 6B EC 5A AD 01 A9 [\]
[:]====================================================================[:]
Previous By Date Next
Previous By Thread Next

Current thread: