RE: Product review postings (was Administrivia)

From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 14:39:21 EDT

• Next message: Gwendolynn ferch Elydyr: "Re: Product review postings (was Administrivia)"
• Previous message: Mark C. Langston: "Re: Product review postings (was Administrivia)"
• In reply to: Keith T. Morgan: "RE: Product review postings (was Administrivia)"
• Next in thread: clarke-cummings@columbus.rr.com: "RE: Product review postings (was Administrivia)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, 8 Jul 2003, Keith T. Morgan wrote:

>
> > No, I was dead serious. People who use this list to attack other
> > people under the veil of anonymity with the *sole* purpose of
> > devaluing their product or service will get axed. I see no place for
> > the here and it violates the spirit of this entire site and its lists.
> > Having said that Ive never actually axed anyone from all of our lists
> > .
>
> That's good. However, I think you have a real challenge in front of you
> attempting to determine motives. Any vulnerability announcement would
> seem to have a "devaluing" effect on a product or service. I also think
> that unsubscribing a list member would have little effect.
> Resubscribing under another email address takes all of ten minutes.

Vulnerabilities live on Bugtraq or other such like lists and are in no way
governed by this policy.

>
> I also feel that some level of anonymity should be in place to protect
> posters from vendors. I'm not saying that folks should be able to post
> libelous statements, but is that the moderator's place to decide?
> What's libelous, what's true, what's untrue, what's real and unreal?

No, it's not. It is my place though to consider both parties and doing my
best to keep it honest. I think accountability goes a long way for this.
Again this is about product reviews not vuln disclosure.

>
> Historically the list has done a pretty good job of policing itself in
> these types of situations. Bogus postings are quickly identified as
> such, bad information is quickly debunked in replies.

Yes it does but I've also typically dropped most product queries because
of the issues I've already mentioned.

Alfred Huger
Symantec Corp.

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------

• Next message: Gwendolynn ferch Elydyr: "Re: Product review postings (was Administrivia)"
• Previous message: Mark C. Langston: "Re: Product review postings (was Administrivia)"
• In reply to: Keith T. Morgan: "RE: Product review postings (was Administrivia)"
• Next in thread: clarke-cummings@columbus.rr.com: "RE: Product review postings (was Administrivia)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT