Whether or not DeepSight fielded a few nibbles from Sapphire before its first successful penetration occurred, one has to ask the question "who cares?"
If DeepSight couldn't tell administrators that their boxes exposed a critical remote exploitable well-known buffer overflow vulnerability then what good is it? How can hundreds of thousands of smart people all focused on system administration, programming, and infosec keep missing the simplest of security flaws? http://enterprisesecurity.symantec.com/content.cfm?articleid=1985&EID=0 "For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
