[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vendor disclosure to ICSA IDC
- To: Russ <Russ.Cooper@rc.on.ca>
- Subject: Re: Vendor disclosure to ICSA IDC
- From: Gene Spafford <spaf@cs.purdue.edu>
- Date: Wed, 7 Jul 1999 10:46:38 -0500
- Cc: cve-review@linus.mitre.org
- In-Reply-To: <61143C10CC8AD211A2F10000F878E6830D51B5@ns.rc.on.ca>
- References: <61143C10CC8AD211A2F10000F878E6830D51B5@ns.rc.on.ca>
- Reply-To: spaf@cs.purdue.edu
At 11:48 PM -0400 7/6/99, Russ wrote: > >The issue that's relevant to the CVE effort is the level of disdain >Jason had towards my suggestion that the Mitre effort was the right >place to disclose the information. He was not impressed, and that is >something I would like to see changed. In the last decade, I have seen no MS personnel attend security conferences, workshops, or important meetings. When I was part of a high-level government working group investigating dangers of COTS, MS was the only vendor that did not provide cooperation. MS also has a poor history of cooperating with anti-virus researchers and vendors. They have an institutional attitude problem about security efforts. I would like to see it changed, too, but I won't hold my breath. Our best bet is to do the best we can with what we have, and after the CVE goes public and people start referencing it, we hope they cooperate. --spaf
- References:
- Vendor disclosure to ICSA IDC
- From: Russ <Russ.Cooper@rc.on.ca>
- Vendor disclosure to ICSA IDC
- Prev by Date: Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's
- Next by Date: Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- Prev by thread: Vendor disclosure to ICSA IDC
- Next by thread: Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
- Index(es):
