Full Disclosure mailing list archives
Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more...
From: Anders Langworthy <hades () psilanthropy org>
Date: Sat, 12 Mar 2005 12:21:11 -0600
J.A. Terranson wrote:
This "story" really just reflects what has been going on in the real world for some time now.
Yes. Another incident from two years ago that demonstrates this philosophy quite well:
[From http://www.eweek.com/article2/0,1759,921855,00.asp] [FEDS MOVE TO SECURE NET]"The most significant move is the development of a private, compartmentalized network that will be used by federal agencies and private-sector experts to share information during large-scale security events...
"Sachs...pointed to last week's handling of the critical vulnerability in the Sendmail Mail Transfer Agent package as a prime example of how such back-channel communication between vendors, researchers and the government can help protect end users. Researchers at Internet Security Systems Inc., in Atlanta, discovered the vulnerability in mid-February and immediately notified officials at the White House and the Department of Homeland Security.
The government quietly spread the word among federal agencies and, along with ISS, began contacting the affected vendors. After the vendors developed patches, the fixes were deployed quickly on critical government, military and private-sector machines before the official announcement of the vulnerability."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..., (continued)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Valdis . Kletnieks (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re[2]: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... phased (Mar 13)
- Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... Vincent Archer (Mar 14)
- Re[2]: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... phased (Mar 13)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... James Tucker (Mar 13)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Vincent van Scherpenseel (Mar 13)