hellNbak <[EMAIL PROTECTED]> writes: > Source? URL? Article? I personally would be very surprised if this > happened. But stranger things have happened.
I've got the following quote from Computerzeitung, but no direct URL: | Bugtraq wird den Industrienormen f�r Security-Ver�ffentlichungen | folgen, wie es das heute bereits tut. Es gibt immer Verz�gerungen, | sogar bei Bugtraq: Die Sicherheitsl�cke muss verifiziert und der | Hersteller alarmiert werden. Typischerweise r�umt man ihm immer eine | Gef�lligkeitszeit ein, um einen Patch zu entwickeln. Diesen Standard | werden wir beibehalten. John Schwarz, Chief Operating Office, Symantec. Approximate translation: Bugtraq will follow the industry norms for security disclosures, like it does now. There are always delays, even with Bugtraq: A security vulnerability has to be verified, and the vendor has to be alarmed. Typically, the vendor gets a grace period to develop a patch. We will keep this standard. (Sorry, English isn't my native tongue.) -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
