Len Rose wrote:
With the recent evidence that CERT informed it's paying members about the Sapphire SQL worm before the rest of the world should now indicate that they too are not a useful resource for timely and open security information.This is news why? CERT told me that is what they wanted to do when I was, errm, in dispute with them over timing of the release of the OpenSSL holes last year. I believe I mentioned it at the time.
That's one reason I won't pre-notify CERT (or, indeed, anyone else [other than the vendor]) anymore.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
