Re: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
First, no one has suggested that we maintain the status quo. As I've
said a few times already, I think we can all agree things could and should
be done better. What it boils down to is that no one, not you, not Marcus,
not anyone has offered a viable alternative. The best we've heard from
this particular camp is that people that publish vulnerability information
without information the vendors should be sued. Yeah, thats going to work.
That and a lot of moaning.
Come up with some viable alternative, then will talk.
Second, we already been in a position were we threw out the baby. Maybe
you weren't on the Internet in those days, but I was. Let me tell you, it
was not a pretty picture. As much as people bitch about security today
it is no where near as bad as it was back then. That is why full disclosure
came about. It would have never been as successful if things hadn't been
as bad as they were. Maybe things have gone to far in this direction as
well, but going back to the way it was before is not the solution.
Amputate that, Surgeon.
Si vis pacem, para bellum