hey, great redux on CERT, but you're forgetting about all the embarrasing leaks of vuln information in advance of CERT advisories!
-paul ----- Original Message ----- From: "Cael Abal" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 16, 2003 8:58 AM Subject: Re: [Full-Disclosure] A funny (but real) story for XMAS > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > |> "Join www.osvdb.org to make a better non-corporated vulnerability > |> database since CERT sucks ! " > | > | CERT sucks? Humm... In my UNIX & Security college course, we're being > | told CERT is a great resource for security-related information. Can > | anybody else make a comment on this? Agree? Disagree? > > Hi Chris, > > Depends on which side of the fence you're on. CERT has been criticized > in the past for being frugal with vulnerability information. They don't > publish exploits, for one, which means k1ddi3z prefer FD. :) > > I remember CERT taking some flack about their Vulnerability Catalog > becoming available by subscription a few years ago. Here's an article: > > http://linuxtoday.com/security/2001042600220SCLF > > Oh, and here's a link to the fees: > > http://www.isalliance.org/nam/index2.htm > > It seems that this database is what the people at http://www.osvdb.org > are up in arms over. Interesting idea, their database is a little > barren at the moment though. > > Additionally, one of CERT's security analysts was arrested for > pedophilia-related crimes a few months ago. Folks who don't like CERT > gloated for weeks. > > http://www.pittsburghlive.com/x/tribune-review/news/s_160861.html > > Realistically, CERT is a valuable resource, regardless. > > C > > PS: I have no interest in getting into a flamewar over CERT, > disclosure, or pedophilia. Thanks in advance. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (MingW32) > > iD8DBQE/3w97R2vQ2HfQHfsRAtuOAJ98J3iOL7EwwI4h2x1ECodzGwtshwCcCMX3 > dIufrfrWfNbrdBix4/XYKDE= > =E/La > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
