I just saw this on /.
http://news.cnet.com/news/0-1003-200-5665677.html?tag=mn_hd . It seems
that CERT is going to start charging for "timely" security alerts (upto
$70K depending on the size of the company). Personally, I didn't know
they offered timely alerts, but that's another story all together. If I
remember correctly, CERT is a federally funded program. That means that
our tax money is going to be paying for them to make even more money.
In contrast, the Open Source and Free Software communities, made up of
volunteers, does quite a bit in regards to posting security information
to the world via UG's, Bugtraq, mailing lists, and various security
sites for free. Why would a company pay upto $70K (or even the low-end
$2500) a year for information that they can get for free? Is this yet
another example of the benefits of free information that we can use as
leverage? Also, what sort of damage could CERT cause by withholding
security information for 45+ days?
Just a thought,
Kenny
--
-------------------------------------------------
Kenneth E. Lussier
Geek by nature, Linux by choice
PGP KeyID 0xD71DF198
Public key available @ http://pgp.mit.edu
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
