Full Disclosure mailing list archives

Re: CERT, Full Disclosure, and Security By Obscurity


From: Ben Laurie <ben () algroup co uk>
Date: Thu, 30 Jan 2003 18:52:32 +0000

Len Rose wrote:
With the recent evidence that CERT informed its paying members about the Sapphire SQL worm before the rest of the world should now indicate that they too are not a useful resource for timely and open security information.

This is news why? CERT told me that is what they wanted to do when I was, errm, in dispute with them over timing of the release of the OpenSSL holes last year. I believe I mentioned it at the time.

That's one reason I won't pre-notify CERT (or, indeed, anyone else [other than the vendor]) anymore.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

