nanog mailing list archives
Re: IBM report reviews Internet crime
From: Owen DeLong <owen () delong com>
Date: Tue, 12 Feb 2008 14:05:36 -0800
On Feb 12, 2008, at 11:46 AM, Florian Weimer wrote:
* Owen DeLong:If the vulnerability cannot be corrected through a vendor patch, then,one has to wonder what, exactly the vulnerability is.You assume that a vendor patches a vulnerability once they learn aboutit. In my experience, this is not true. Sometimes it's easy to explain (product or vendor ceased to exist), sometimes it's not (some cross- sitescripting issues I'm trying to straighten out; minor bugs to you perhaps, but huge media exposure because of their visibility and reproducibility--think FDIV bug).
No, I presume that a vulnerability identified as "cannot be resolved through vendor patch" means a vulnerability for which, even if a vendor patch were available, it would not resolve the vulnerability. A vulnerability for which
a patch is not yet available, but, which could be resolved if the vendor released a patch is a vulnerability which "CAN be resolved through vendor patch when one becomes available."It is unclear from the text provided which of our conflicting definitions for
the term applies in IBM's text. Owen
Current thread:
- IBM report reviews Internet crime michael.dillon (Feb 12)
- Re: IBM report reviews Internet crime Owen DeLong (Feb 12)
- Re: IBM report reviews Internet crime Florian Weimer (Feb 12)
- Re: IBM report reviews Internet crime Owen DeLong (Feb 12)
- Re: IBM report reviews Internet crime Florian Weimer (Feb 13)
- Re: IBM report reviews Internet crime Florian Weimer (Feb 12)
- Re: IBM report reviews Internet crime Valdis . Kletnieks (Feb 12)
- Re: IBM report reviews Internet crime Jim Popovitch (Feb 12)
- Re: IBM report reviews Internet crime Andre Gironda (Feb 12)
- Re: IBM report reviews Internet crime JC Dill (Feb 13)
- Re: IBM report reviews Internet crime Andre Gironda (Feb 13)
- Re: IBM report reviews Internet crime Mark Radabaugh (Feb 13)
- RE: IBM report reviews Internet crime Frank Bulk (Feb 14)
- Re: IBM report reviews Internet crime Owen DeLong (Feb 12)