Re: Product review postings (was Administrivia)

From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 18:01:22 EDT


>>Careful, Al. That's an awfully big brush you're using to delineate
>>black and white.

No, in this case I do not think so.

>From SF's own website:
>http://216.239.33.104/search?q=cache:ExzrKawYOn4J:www.securityfocus.com/news/323+sued+product+review&hl=en&ie=UTF-8

>NAI sued over their review ban. While true that NAI did not itself sue
>a reviewer, it came close.

I can speak to this directly given in a former life I was director at NAI
running product teams and was pretty familiar with their EULA and its
restrictive covenants. The decision was obviously not a good one but it's
not the issue at stake here. They never did sue anyone and nor would they
have. That they came close, as you state, is news to me and I was there.
The negative press alone would have stopped the idea cold in its tracks.
Reviews which were not sanctioned were not unusual and they were not ever
litigated.

>It should also serve to illustrate how the courts, and a few prominent
>members of this industry, feel about such censorship or otherwise
>chilling effects.

I don't think it does really but again this argument will be circular to
say the least.

>Then, there's the lawsuit Blackboard brought earlier this year:

If I remember correctly it was a restraining order not a lawsuit. Further
it was about vuln disclosure which is a totally separate discussion.

>Though it contained vulnerabilities, one could term the disclosure a
>comprehensive review of the product.

You could and like I said earlier there are good Forums for that, this is
not one of them.

>So, we now find ourselves playing semantic games revolving around what
>constitutes a "product review" versus what constitutes a "vulnerability
>disclosure".

It appears so.

>That, to me, appears to be a slippery slope best avoided.

Yes it is but it's still an issue that needs to be addressed for this
forum. Hard or otherwise.



