Full Disclosure mailing list archives
Re: The Large-Scale Threat of Bad Data in DNS
From: full-disclosure () lists netsys com (Georgi Guninski)
Date: Tue, 13 Aug 2002 17:51:31 +0300
FORENSICS.ORG Security Coordinator wrote:
> On a related subject, everyone involved in the process of computer security vulnerability discovery, disclosure, and software bug fixes should take a moment to familiarize themselves with the internet draft of the Responsible Vulnerability Disclosure Process, and in particular note the important role of a third-party "coordinator" in cases where any party involved in the process needs help communicating with any other party to ensure proper handling and comprehensive understanding of complex technical materials:
>
> http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt
>
> Most vulnerability disclosures occur today without comprehensive cross-vendor research facilitated by a coordinator. Our group of forensic experts makes its members available to function as Security Coordinators to any party who needs this type of technical assistance.
I am getting tired of speculations about this draft, which the IETF did not approve.

So in the case with DNS browser fun, Microsoft denied this to be a problem, so some good coordinator should try to convince them that this is really a bug and they should be so kind to fix it, or am I missing something? Or is the idea for the coordinator to sell the info early?

What about the following: me becoming the personal coordinator of forensics.org (without any obligations on my part, of course), i.e. whenever forensics.org becomes aware of a 0day, they notify me about the 0day with full details?

In case you have missed it, some people quite disagree with the draft, check:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/000822.html

Georgi Guninski
http://www.guninski.com