|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [TECH] CD:VAGUE (Vague Vendor Descriptions of Vulnerabilities)
On Tue, Feb 19, 2002 at 08:05:19AM -0600, Stu Green wrote: | Steve, | Given an environment that will be affected by Digital Rights Management | and inherant potential DMCA | 'violations' the definition of vague might take on alternate meaning. | If a suspected vulnerability can not | be detailed for fear of infringing on the publisher's copyright, a vague | presentation might be required until | the aforementioned publisher deems it reasonable to allow the | vulnerability to be thoroughly documented. | Whatever the ramifications are, the case of Adobe and Dmitry Sklyarov | sets an uncomfortable precedent. I'd like to suggest that this case is quanlitatively different: CD-VAGUE suggests that the vendor confirms a vulnerability CD-DMCA suggests that a researcher has stated a vulnerability exists. In the latter case, the vulnerability may be disputed, its effects may be disputed, and there may be no fix available. Indeed, CD-DMCA may interact with other CDs regarding precision, codebases, etc. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
|
||||
