From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 14:52:16 EDT
On Tue, 8 Jul 2003, Mark C. Langston wrote:
> So you will now require all vulnerabilities posted to be traceable back
> to the individual who discovered and/or publicized the vulnerability?
Of course not but that's not at stake here. This list is not for vuln
disclosure there are more appropriate venues for that. Vulnwatch, Bugtraq,
Vuln-dev to name a few.
> Can you not see the chilling effect this would have? Many
> vulnerabilities would not be publicised, and those that were would
> quite possibly be actionable under the DMCA. Those that weren't
> may still present problems other posters have raised, such as the
> advertisement of problems with one's own products (in effect,
> anonymous whistleblowing), or with one's own purchases (which would
> be a welcome mat for anyone wishing to penetrate that individual's
> infrastructure).
>
When it comes to Full Disclosure I agree.
-al
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT