Re: Symantec to buy three security firms

[InfoSec News <isn () c4i org>]

Forwarded from: Chris Wysopal <cwysopal () atstake com>

There already is an independent list for disclosing vulnerabilities.  
It is vulnwatch () vulnwatch org.  Vulnwatch was created a year ago by
Steve Manzuik, Rain Forest Puppy, and me.  We saw the industry relying
on a single point of failure for getting out timely vulnerability
information.

We are the current moderators but we are in the process of adding 2
new moderators whose names you will recognize if you follow
advisories.  We are still looking for a moderator from the far east or
hawaii to reach our goal of 24 hour moderation coverage.  As it stands
now RFP needs to stay up until 2am. :)

Vulnwatch has over 4000 subscribers.  It is an all vulnerability list.  
No discussion.  Vendor bulletins are only approved if they add new
information.  The idea is fresh vulnerability information straight up.
You can take a look at the archives to get a feel for the list:  
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/ Subscription
info at www.vulnwatch.org.

-Chris



InfoSec News wrote:
> http://www.nwfusion.com/news/2002/0717syman2.html
>
> [Several ISN readers sent word of the $355 million Symantec buying
> spree, and you start to wonder how much more $$$ Symantec has
> sitting in the petty cash box for future acquisitions and whose
> next? Other questions come to mind, since Symantec has a track
> record of overhyping virus warnings, who isn't to say that the same
> won't become the norm with security holes? also troubling me is that
> Symantec being the large one-stop security group it is now, might
> hold onto security vulerabilties of Symantec products. Lastly, if
> some of these fears become reality, you have to wonder if there's
> going to be a new independent mailing list for security
> vulnerabilities. ;)  - WK]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.