Re: Vendor disclosure to ICSA IDC
At 11:48 PM -0400 7/6/99, Russ wrote:
>The issue that's relevant to the CVE effort is the level of disdain
>Jason had towards my suggestion that the Mitre effort was the right
>place to disclose the information. He was not impressed, and that is
>something I would like to see changed.
In the last decade, I have seen no MS personnel attend security
conferences, workshops, or important meetings. When I was part of a
high-level government working group investigating dangers of COTS, MS
was the only vendor that did not provide cooperation. MS also has
a poor history of cooperating with anti-virus researchers and vendors.
They have an institutional attitude problem about security efforts.
I would like to see it changed, too, but I won't hold my breath.
Our best bet is to do the best we can with what we have, and after
the CVE goes public and people start referencing it, we hope they