Re: Product review postings (was Administrivia)

From: Mark C. Langston (mark@bitshift.org)
Date: Tue Jul 08 2003 - 14:41:30 EDT


On Tue, Jul 08, 2003 at 12:19:45PM -0600, Alfred Huger wrote:
>
>
> Please do not confuse this with Full Disclosure of vulnerabilities and
> criticism of products. The two issues are wholly separate and I am
> guessing you actually do understand the distinction. I have no problem
> with critical information being posted so long as the poster is
> accountable for his or her statements.
>

So you will now require all vulnerabilities posted to be traceable back
to the individual who discovered and/or publicized the vulnerability?
Can you not see the chilling effect this would have? Many
vulnerabilities would not be publicised, and those that were would
quite possibly be actionable under the DMCA. Those that weren't
may still present problems other posters have raised, such as the
advertisement of problems with one's own products (in effect,
anonymous whistleblowing), or with one's own purchases (which would
be a welcome mat for anyone wishing to penetrate that individual's
infrastructure).

I understand your frustration, but here I believe the bad outweighs
the good, and I've yet to see an explanation of the good inherent
in this policy. Accountability is fine, but accountability to
what ends? If someone misbehaves, you can throw them off the list
by removing their e-mail address from the list. You do not require
a real name to accomplish this.

-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark@bitshift.org                                       mark@seti.org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org