nanog mailing list archives
Re: Trusting COTS - What's really in the box?
From: Sean Donelan <sean () donelan com>
Date: Thu, 10 Jun 2004 07:02:33 -0400 (EDT)
On Mon, 7 Jun 2004, Randy Bush wrote:
building from certifiable open source that has been inspected by many is the only half-credible scheme of which i am aware.
More flaws foul security of open-source repository By Robert Lemos Staff Writer, CNET News.com http://news.com.com/2100-7344-5229750.html Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development. [...] The major projects using the program were notified of the issues May 28. On Wednesday, the security holes were publicly announced. Since the topic of pre-notification came up during the NANOG nsp-sec BOF, should CVS have pre-notified selected major users of the software before the public announcement? Did this create favoritism, or should they have held off and told everyone about the vulnerability at the same time with the public announcement.
Current thread:
- Re: IT security people sleep well, (continued)
- Re: IT security people sleep well Valdis . Kletnieks (Jun 07)
- RE: IT security people sleep well Michel Py (Jun 07)
- RE: IT security people sleep well Dan Hollis (Jun 07)
- RE: IT security people sleep well Jason Frisvold (Jun 07)
- Re: IT security people sleep well Valdis . Kletnieks (Jun 07)
- RE: IT security people sleep well Edward B. Dreger (Jun 07)
- Re: IT security people sleep well Adrian Chadd (Jun 07)
- Re: IT security people sleep well Suresh Ramasubramanian (Jun 07)
- Trusting COTS - What's really in the box? Sean Donelan (Jun 07)
- Re: Trusting COTS - What's really in the box? Randy Bush (Jun 07)
- Re: Trusting COTS - What's really in the box? Sean Donelan (Jun 10)
- Re: Trusting COTS - What's really in the box? Suresh Ramasubramanian (Jun 07)
- RE: IT security people sleep well Jason Frisvold (Jun 08)
- Re: IT security people sleep well Valdis . Kletnieks (Jun 07)
- Re: IT security people sleep well Randy Bush (Jun 07)
- Re: IT security people sleep well Valdis . Kletnieks (Jun 07)
- Re: IT security people sleep well Valdis . Kletnieks (Jun 07)