* Georgi Guninski: > so you approve gaining pseudo credibility by practicing mouse copy/paste? > > then this pseudo credibility leads to corporate serving/licking like: > "responsible disclosure rfc" - search for it. > > not than coley is consistent at all (besides lacking completeness): > http://www.cve.mitre.org/board/archives/2002-02/msg00026.html > ------------------- > - The Board has agreed that CNAs should not reserve candidates for > people who do not practice responsible disclosure (candidates would > be assigned *after* publication). I hope that this document, or a > later version, will become part of the "definition" of responsible > disclosure. > -------------------
Yes, this puzzles me too, but on the other hand, Debian became a CNA, and Debian's official policy is geared away from "responsible disclosure" -- all bug reports are supposed to be public. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
