Full Disclosure mailing list archives
Re: CERT, Full Disclosure, and Security By Obscurity
From: Ben Laurie <ben () algroup co uk>
Date: Thu, 30 Jan 2003 18:52:32 +0000
Len Rose wrote:
With the recent evidence that CERT informed it's paying members about the Sapphire SQL worm before the rest of the world should now indicate that they too are not a useful resource for timely and open security information.
This is news why? CERT told me that is what they wanted to do when I was, errm, in dispute with them over timing of the release of the OpenSSL holes last year. I believe I mentioned it at the time.
That's one reason I won't pre-notify CERT (or, indeed, anyone else [other than the vendor]) anymore.
Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- CERT, Full Disclosure, and Security By Obscurity Len Rose (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Jason Coombs (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Grant Bayley (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Darren Reed (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Grant Bayley (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Grant Bayley (Jan 30)
- RE: CERT, Full Disclosure, and Security By Obscurity Jason Coombs (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Ben Laurie (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Georgi Guninski (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Blue Boar (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity KF (Jan 30)
- Re: CERT, Full Disclosure, and Security By Obscurity Georgi Guninski (Jan 31)
- Re: CERT, Full Disclosure, and Security By O hellNbak (Jan 31)
- Re: CERT, Full Disclosure, and Security By Obscurity Georgi Guninski (Jan 30)