Dailydave mailing list archives
Re: Speculation
From: Paul Vixie <vixie () isc org>
Date: Sat, 19 Jul 2008 14:22:47 +0000
Those of us outside the research community who have to advise management cannot tell our executives "trust Dan." We have to be able to weigh costs vs benefits, implementation details, and the like. I'm glad people here and elsewhere have tried to figure this out, since it gives details to guide my recommendations.
would you have preferred that the attack vector be completely published on day 1, rather than a cert advisory with details to follow a month later at defcon, so that your recommendations could be completely informed? note that in that case it would also go in the wild before you could patch. is that what you want the next discoverer to do for you? note, it's not just "trust dan." dan looped in a powerful group of dns folks, each of whom was heard to speak the words "oh, shit!" and we have been making the rounds, lending our names to this. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Speculation, (continued)
- Re: Speculation Paul Vixie (Jul 18)
- Re: Speculation Marc Maiffret (Jul 18)
- Re: Speculation Paul Vixie (Jul 18)
- Re: Speculation Thomas Ptacek (Jul 19)
- Re: Speculation Paul Vixie (Jul 19)
- Re: Speculation Thomas Ptacek (Jul 19)
- Message not available
- Re: Speculation Thomas Ptacek (Jul 19)
- Re: Speculation Paul Vixie (Jul 18)
- Re: Speculation Alexander Sotirov (Jul 24)
- Re: Speculation Paul Vixie (Jul 19)
- Re: Speculation Paul Melson (Jul 20)
- Re: Speculation Thomas Ptacek (Jul 20)