Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines

From: rsh () idirect com
Date: Tue, 06 Jul 2004 17:21:14 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To add to the 'Nobody trusts the OIS or its motives', I have to state
that those NOT in the US object strenuously to anyone in the US
unilaterally legislating anything that impacts a system used
world-wide, when the 'safety' being legislated is to the benefit of
the US over the rest of the world's concerns.  US court rulings in
the area of the Internet, copyright, email privacy, and individual
privacy rights tend to go against the views and rulings in the rest
of the world, making us leery of any US centric legislation, much
less unilateral laws on 'Internet Safety' or security.



On Sun, 04 Jul 2004 13:18:35 -0400, you wrote:


Nobody trusts the OIS or its motives. I imagine this is similar to
the  feedback you've gotten from everyone else as well, but Immunity
has no  plans to subscribe to your guidelines, and is going to
oppose any 
efforts you make to legislate those guidelines as law. In section
1.1  the draft proposes that the purpose of the OIS's model is to
protect  systems from vulnerabilities. This is fairly obviously
untrue - the  purpose of the OIS is to lobby towards a business
model for Microsoft  and the other OIS members that involves the
removal of non-compliant  security researchers.

This call for feedback is a thinly disguised attempt to get public 
legitimacy and allow the OIS to claim it has community backing,
which it  clearly does not.

It's rare, but there are still security companies and individuals
who do  not owe their entire business to money from Microsoft. It's
July 4th.  and some of us are Americans who understand the concept
of independance.  

Dave Aitel
Immunity, Inc.

OIS wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Organization for Internet Safety (OIS) extends an invitation
to the readers of the BugTraq, NTBugtraq, and Full-Disclosure
mailing lists to participate in the ongoing public review of the
OIS Security Vulnerability Reporting and Response Guidelines.
The OIS reviews the Guidelines annually to ensure that they remain
useful and relevant to the security community and, most
importantly, to the millions of computer users who are the
ultimate beneficiaries of effective computer security practices. 
Over the past year, OIS has received feedback from many adopters
of the Guidelines as well as from several public-private
partnerships, and have incorporated much of this feedback into an
interim version that is available at
http://www.oisafety.org/review/draft-1.5.pdf.  We recommend
reviewing the interim version, but reviewers are welcome to
provide feedback on the original version at
http://www.oisafety.org/reference/process.pdf if they would like.

For more information on the public review, please visit
http://www.oisafety.org/review-1.5.html.  The closing date for the
review has been extended until 16 July 2004.  We look forward to
your feedback.

Regards,

The Organization for Internet Safety
www.oisafety.org

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
KWNTvxgQVKXiC1OU9CR/rXYF
=4mT/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html






-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQOsXYKKT2LGXz67mEQKX8wCfTjNI3Rdw0HS2tbs4kTHPSlhum7oAoILj
aS9f+kUFvxTJrufWV2nRfhOF
=To5H
-----END PGP SIGNATURE-----

R.S. (Bob) Heuman         -         Toronto, ON, Canada
=======================================================
        Independent Computer Security Consulting
    Web Site Auditing for Compliance with Standards
<rsh () idirect com>        or        <rheuman () rogers com>
                    Copyright retained.
               My opinions - no one else's...
   If this is illegal where you are, do not read it!
Previous By Date Next
Previous By Thread Next

Current thread: