RE: [CVEPRI] Handling new vulnerabilities discovered by Steve Chr istey
1. I think Steve shouldn't worry about what might happen by some people. If
they trust CVE at all for anything, then by inference they must trust Steve
since his work has largely been responsible for the realization of the CVE
in the first place. If he gets picked on, tell us, we'll throw some good
quotes your way...;-]
2. I think Marcus is not alone in his feelings. I share many of them, and am
too not thrilled that ego-gratification is often the only motivation
(meaning that saving the world often does not even enter into a disclosure).
While I'm well known as having the ego of several, or even dozens of folks,
at least I'm deluded (publicly, privately comfortable) enough to
consistently believe I'm trying to save the world.
I found it extremely entertaining that Pascal's examples are amongst the
most popular TV game shows on American TV, thereby suggesting that there is
no more pride in cracking puzzles than there is in answering trivia. The
fact that his only examples *are* game shows would seem to imply his tacit
approval in the marketability of security disclosure information...which in
my book simply re-enforces Marcus' assertions.
The "market" is busting through its egg-shell as it matures into something
that the rest of the world can now see. As with all new children, we have
very different views about what we're going to be when we grow up. The
typical nest shuffling will occur, at which point some will drop over the
edge without sufficient "support" from Mom or Pop to know how to fly as we
fall...others will never risk the leap.
Whether they're looking directly at us or not, the world's watching...time
to choose what you're going to do. Like it or not, I know I've chosen.
Russ - Surgeon General of ICSA.net