[Reference: http://www.nuclearelephant.com/papers/symantec.html]
If Symantec has it their way, they will want to make it illegal to distribute any information on vulnerabilities, diagnostic tools, and exploit code...leaving companies like them in a position where they will be necessary to the correct operation of a publicly traded company, and nobody to audit the auditors (for QA, back doors, etc.). Take it one step further and these companies could easily operate under a shroud of information secrecy, enabling them to generate their own new exploits "in the wild" as a means of increasing revenue, keeping corporations in fear of violating securities law by not having a weekly audit for $100,000.

I guess I must be paranoid.

On Tue, 2003-11-04 at 15:25, Chris Sharp wrote:
> I'd bet my ass that ISS/Foundstone/Qualys is behind
> this somewhere. Most security companies' bottom line
> would benefit from this, but the people building the
> automated scanning tools can suddenly market
> themselves as objective security auditing tools. These
> expensive pieces of software suddenly become standards
> against which your security is measured.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
