Re: DHS / US-CERT do we need them want them?

[Valdis.Kletnieks () vt edu]

On Fri, 24 Oct 2008 00:01:23 BST, n3td3v said:
> are done. And in times of need, force people to work with each other
> even if they don't really want to. Maybe the forcing people to
> collaborate is a good thing at critical times, but you don't need a
> whole US-CERT for that, it just takes a couple of independant folks to
> do that, out there in the community when it becomes apparent when
> action with multi-vendors, governments is required.

You *do* in fact need "a whole US-CERT" to force people to collaborate. There's
a *very* short list of "a couple of independent folks" who can get things to
happen just on their own personal credibility - and they're usually already
totally overcommitted during these sorts of crises.

How many machines got patched for Dan Kaminsky's DNS issue because US-CERT said
"Patch it or else"? And then how many machines got patched because Paul Vixie
said "You really need to patch it"?

And there's always the issue that if it's just some random people, they
might all be off on vacation when things hit the fan - if it's an organized
agency, there's somebody to make sure that there's adequate coverage all
the time.  Yes, somebody needs to work the week between Christmas and
New Year's - and that implies a boss who will make sure that happens.

> white hats if another white hat doesn't agree with something. But
> people like valdis will still call me names, but he is probably a
> republican, so who cares.

You obviously haven't been paying attention.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/