Re: Product review postings (was Administrivia)

From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 14:07:14 EDT


>I'm glad to see that you've opened the list to commentary. A few
>questions though:

>(1) You mention "post on vendor reviews". The posting you sent out
> appeared to set overall list policy, not merely policy on vendor
> reviews. Please clarify whether your policy change is intended to
> apply only to postings about vendor products, or to all postings.

I thought that it would have been clear enough. It was and is particular
to vendor/product reviews.

>(2) Beyond the question of whether you can actually determine whether
> a person is posting via an account with a "real name" associated
> with it, do you actually believe that the list contents will be
> improved by attempting to implement posting approvals based on
> appearance rather than content?

The content is of primary consideration and it's something I actively
moderate in general. In this situation the context demands that to avoid
abuse of this forum people's opinions on this issue need to be attached to
an identifiable entity.

>(3) Further to the 'real name' question, I presume that the moderator
> is able to judge the difference between "Your product sux r0cks"
> and "Your product can't push 100Mbit of traffic" - and also
> between "Our product will protect your network and make you dinner"
> and "Our product is a stateful packet filter".

I'll try my hardest.

>(4) Despite his feeling strongly about this issue, I'm still shocked that
> the esteemable moderator threatened to unsubscribe people from
> all securityfocus lists (barring bugtraq) if they didn't comply
> with his demands. Perhaps the moderator mis-spoke in the heat
> of the moment?

No, I was dead serious. People who use this list to attack other people
under the veil of anonymity with the *sole* purpose of devaluing their
product or service will get axed. I see no place for the here and it
violates the spirit of this entire site and its lists. Having said that
I've never actually axed anyone from all of our lists.

>Questions aside, the issue of inappropriate pressure being placed on the
>moderator vis a vis stock holdings and other business interests has
>been brought up on the full-disclosure mailing list. It would certainly
>clear the air if any conflict of interest was plainly stated.

First to speak to Symantec, or rather Symantec SF Corporation (which is
the owner of this site not Symantec proper). We are all lost if a 1.4
billion dollar a year corporation has nothing better to do than
micro-manage SecurityFocus. A very, very, very tiny component of its
overall holdings. So to address that point in short the answer is no.
Symantec proper has no bearing in this. The management of this site falls
to me with all its ups and downs.

Now as to my own financial holdings. Barring the fact that it's none of
your business I've already posted to this but I'll say it again. I do not
own shares in CORE ST. I am however close friends with most of the
principals there, in fact their CTO was the best man at my wedding. Having
said that I have close ties with many people in this industry given it's
been my home for a long time. That's not the point either though my
concerns here speak to this issue in general. You'll have to remember I
allowed the initial post through questioning their product. I've been
moderating this list and others for a long time and know well that these
posts elicit both positive and negative feedback. I have no problem with
that my issue is around accountability.

-al




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT