Full Disclosure mailing list archives
Re: Vulnerability Disclosure Debate
From: "gregh" <chows () ozemail com au>
Date: Fri, 8 Aug 2003 07:41:38 +1000
----- Original Message ----- From: gridrun To: full-disclosure () lists netsys com Sent: Friday, August 08, 2003 2:53 AM Subject: [Full-disclosure] Vulnerability Disclosure Debate
Vulnerability Disclosure Debate by gridrun on 8/07/03
The security alliance around Microsoft is trying to push its "reasonable vulnerability disclosure guidelines", which seeks to prevent security researchers from publishing proof-of-concept code alltogether, and wants them to make only limited, next to useless, information about security flaws available to the public. In my humble, personal opinion, this step seeks to maximize income of several large security firms, as they would release any detailed information only to paying groups of subscribers... An inherently dangerous plan, and the argumentation behind it is severely flawed.
I would like to point out one plain and simple thing that, to this day, stuffs up the best - and worst - drawn up plans of the Federal Govt here in Oz so will ultimately do the same to MS for their efforts. The law! Example: Parents with kids who dont want to sit in front of the computer watching what their kids are doing lobbied hard and succeeded in getting the Fed Govt here to draw up and pass laws to "limit Internet" which, of course, dont work. In one particular law, they decided that even soft porn (topless females etc) were not allowed to be show on Internet sites in Oz and one particular guy made a living out of selling such stuff online. Leave out the fact that a kid can go into a newsagent and see a lot more of course. Anyway, the day prior to the law coming into effect which would have killed his business, he moved the entire web site to another country and used the same web site address not missing a beat in the process and though he still sells soft porn online to this day in Oz, as it is hosted in another country, it is effectively outside the laws of Oz. So, if MS really DO get this shit passed, all we have to do is remember this stuff and move the list and it's web site and whatever else you think is necessary off to another country where laws are different. Effectively you wouldnt be "publishing" in the country that didnt want this happening but publishing nonetheless. ----------------------------------------------------------------------------- | < Friar Tuck was a Spoonerism victim at the hands of the Merry Men!!> | ----------------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability Disclosure Debate gridrun (Aug 07)
- Re: Vulnerability Disclosure Debate Joel R. Helgeson (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Ben Laurie (Aug 13)
- Re: Vulnerability Disclosure Debate Jeremiah Cornelius (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Georgi Guninski (Aug 07)
- Re: Vulnerability Disclosure Debate Geoincidents (Aug 07)
- Re: Vulnerability Disclosure Debate Cesar (Aug 07)
- Re: Vulnerability Disclosure Debate gregh (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- RE: Vulnerability Disclosure Debate Mike Fratto (Aug 08)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Joel R. Helgeson (Aug 07)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 07)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 08)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)