
Re: Final position RE: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey



Russ,

  First, no one has suggested that we maintain the status quo. As I've
said a few times already, I think we can all agree things could and should
be done better. What it boils down to is that no one, not you, not Marcus,
not anyone, has offered a viable alternative. The best we've heard from
this particular camp is that people that publish vulnerability information
without informing the vendors should be sued.  Yeah, that's going to work.
That and a lot of moaning.

  Come up with some viable alternative, then we'll talk.

  Second, we have already been in a position where we threw out the baby. Maybe
you weren't on the Internet in those days, but I was. Let me tell you, it
was not a pretty picture. As much as people bitch about security today,
it is nowhere near as bad as it was back then. That is why full disclosure
came about. It would have never been as successful if things hadn't been
as bad as they were. Maybe things have gone too far in this direction as
well, but going back to the way it was before is not the solution.

  Amputate that, Surgeon.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Page Last Updated or Reviewed: May 22, 2007