Ben Laurie <[EMAIL PROTECTED]> writes: > Certainly when I've dealt with CERT they've asked before sharing. Or, > at least, claimed to. Is this not the case?
There FAQ (http://www.cert.org/faq/cert_faq.html#C8) suggests that they regularly share with ISA members. | We also send vulnerability information to others who can contribute to | the solution and with whom we have a trusted relationship. In addition | to vendors, this may include experts in the community, CERT/CC | sponsors, and members of the Internet Security Alliance (including | private sector organizations). I'm not sure if the sharing is optional. -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
