RE: ISS: Pot, kettle, black, etc..

["Young, Keith" <Keith.Young () montgomerycountymd gov>]

>
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=
77789754-705d-4f65-85f3-3e2cd713e938&newsType=Latest%20News

> How do ya like them apples? I seem to recall ISS was 
> itself involved in the whole sordid "Ciscogate" embroglio...

Ah, but ISS Legal will have a different "agenda" than ISS Marketing. 

And honestly, he is right. Cisco, Oracle, and some small private
Internet security firms are the worst in terms of getting fixes
published even after vendor confirmation. Approximately 75% of the holes
that I reported to these organizations still exist after years of
product updates. I can't even imagine the frustration over threats of
public disclosure that X-Force, RAZOR, and many of you deal with on a
regular basis...

The only thing that has kept me from public disclosure is lack of time
for research/documentation.

--Keith

Keith Young, Security Official
Department of Technology Services
Montgomery County, Maryland
phone - (240) 777-2955


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.