RE: Product review postings (was Administrivia)

From: clarke-cummings@columbus.rr.com
Date: Tue Jul 08 2003 - 15:51:54 EDT

I don't think it is unreasonable expectation that people identify
themselves when criticizing a product/vendor. I also think that vendor's
should be required to go one step farther and identify themselves as
_working for_ or _affiliated with_ said vendor. Everyone seems to be
assuming that people wrongly criticizing a product can do damage, but what
about false or overly positive posts about products?

But I also think we are thinking way to hard about this. At this time I am
willing, based on past experience, to trust Al to do a good job moderating
product/vendor postings.

Newspeak=Ari Fleischer

Cheers,
Clarke

Original Message:
-----------------
From: David J. Meltzer djm@intrusec.com
Date: Tue, 08 Jul 2003 15:16:24 -0400
To: pen-test@securityfocus.com
Subject: RE: Product review postings (was Administrivia)

I have in the past (years pre-securityfocus) been personally attacked
with lies about products I've been involved in by anonymous authors, and
I, like Al, have seen that anonymous cowards can make a real impact if
given the audience. That audience will always exist on full-disclosure
and other unmoderated lists, but I don't think there is any reason SF
needs to give them a forum.

Fact is, the posts that are most harmful don't come across as "y0ur
pr0dukt sukz", they are carefully written by intelligent folks who
insert their lies into coherent sentences. Even with an equally
intelligent statement refuting it by the vendor, there is no real way
for a 3rd party observer to know who is telling the truth.

I hope SF will go further in building more accountable and secure means
for folks in the security industry to be able to communicate with each
other over time, but drawing a line in the sand at this absurdity is a
good first step.

-Dave

-------------------
David J. Meltzer
djm@intrusec.com
CTO, Intrusec, Inc.

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button,
anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT