> I do believe that you should give a company notice of a security problem > with there software 1 month before releasing how to access the security > problem.. > Then if it is not fixed by the company they are liable, if fixed by the > company and, not the user the user should not be a system admin.
when you look at the ISS advisory you'll see the following:
<quote> Vendor Notification Schedule:
Initial vendor notification: 1/13/2003 Initial vendor confirmation: 1/13/2003 Final release schedule confirmation: 1/31/2003 <unquote>
And as the news report it,
the US Gestapo ... err ... Department of Homeland Security
hehehehehehehehehehehehehehehehehehehe... but wait that is true and not very funny at all!.
had the entire matter it under tight wraps to make sure that everyone had time to prepare their patches. This makes it even more suspicious that Sun had no patches ready. Not even for Solaris!
Conspiracy abounds... do they plan to put sendmail out of the server market?
--
With best regards,
Michael Stauber
_______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
Best Regards, Paul Jacobs / SR. Network Manager Microsoft MCP 2000 / Cisco Certified Design / Install / Troubleshoot / Optimize / Security of WANs / LANs / Data Recovery Mon. - Fri. 9AM - 5PM (619)336-1400 http://www.adv-data.com
_______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
