On Thursday 07 August 2003 09:53 am, gridrun wrote:
> Vulnerability Disclosure Debate
> by gridrun on 8/07/03

<SNIP>

> In my humble, personal opinion, this step seeks to maximize income of
> several large security firms, as they would release any detailed
> information only to paying groups of subscribers... An inherently
> dangerous plan, and the argumentation behind it is severely flawed.

<SNIP>

> Apparently, M$' fix doesn't really fix the problem to its full extent,
> and in some cases, is believed to leave machines vulnerable to the
> attack. Again, something which was to be discovered by END USERS loading
> proof-of-concept exploits and trying them on their own systems. To me,
> it makes no sense to blindly trust in a software vendor's patch, when it
> has repeatedly been shown that software vendor's patches often do not
> fully provide the anticipated security fixes.
>
> Obviously, time has NOT yet come to say goodbye to full disclosure, and
> doing so would leave end users at the fate of some software producers'
> industry consortium to take care of OUR security - which they have
> repeatedly shown to be incapable of.

<SNIP>

Hallelujah! I believe you! I believe!

We all in the Choir, back here on this bench. Write this up in language that moderates invective, cite specific cases and exploits - then publish away!

SF needs articles, SysAdmin needs articles...

--
Jeremiah Cornelius, CISSP, CCNA, MCSE
email: [EMAIL PROTECTED]

"What would be the use of immortality to a person who cannot use well a half hour?"
--Ralph Waldo Emerson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
