Re: Product review postings (was Administrivia)

From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 14:19:45 EDT

• Next message: cpreston@gci.net: "ipaq open udp ports"
• Previous message: Alfred Huger: "Re: Product review postings (was Administrivia)"
• In reply to: Gwendolynn ferch Elydyr: "Re: Product review postings (was Administrivia)"
• Next in thread: Mark C. Langston: "Re: Product review postings (was Administrivia)"
• Reply: Mark C. Langston: "Re: Product review postings (was Administrivia)"
• Reply: Gwendolynn ferch Elydyr: "Re: Product review postings (was Administrivia)"
• Reply: David J. Meltzer: "RE: Product review postings (was Administrivia)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>>(although I imagine setting criteria will be
> > thorny) but I still am leery about purely anonymous posters.
>

> Why? You see and moderate every post before it gets to the list, and
have
> the option to refuse posts, or request that a post be rephrased before
> allowing it on the list.
>

How does that address accountability?

> If I were being uncharitable, I'd have to say that a paraphrase of
> your views on accountability would be:
>
> People should be identifiable so vendors have somebody to sue,
> other than me, or my company.
>

Hahhaha, ok. If I were being uncharitable I would say you have an over
inflated sense of your own entertainment value and a persecution complex.
Please point out to me one single instance of a *security* vendor suing
anyone (individual or otherwise) for a bad review.

> What about vendors being accountable for producing shoddy goods? How
> do we distinguish between "This product doesn't run at 100Mbit" being
> a valid criticism, or critical damage to a vendor (despite being
> true). This seems like another version of "any disclosure is bad".

Please do not confuse this with Full Disclosure of vulnerabilities and
criticism of products. The two issues are wholey separate and I am
guessing you actually do understand the distinction. I have no problem
with critical information being posted so long as the poster is
accountable for his or her statements.

>
> There's a difference between polite frank and open discussion, and
> newspeak.

I'm afraid you've got me there what is newspeak?

-al

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------

• Next message: cpreston@gci.net: "ipaq open udp ports"
• Previous message: Alfred Huger: "Re: Product review postings (was Administrivia)"
• In reply to: Gwendolynn ferch Elydyr: "Re: Product review postings (was Administrivia)"
• Next in thread: Mark C. Langston: "Re: Product review postings (was Administrivia)"
• Reply: Mark C. Langston: "Re: Product review postings (was Administrivia)"
• Reply: Gwendolynn ferch Elydyr: "Re: Product review postings (was Administrivia)"
• Reply: David J. Meltzer: "RE: Product review postings (was Administrivia)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT