In
<!&!AAAAAAAAAAAYAAAAAAAAAIH+nruO4exAufAxNTnNpHSCxBIAEAAAACA1rFVV8e9NiM0/[email protected]>,
on 04/05/2010
at 10:54 PM, Don Williams <[email protected]> said:
>I agree that the discussion between the reporter and developer should be
>secret, at least until the developer provides a solution or refuses. But
>that's not the question I was trying to comment on. I was more interested
>in the disclosure that IBM (or software vendor) has with their
>customers.
If the vendor discloses it then the conversation between the reporter and
the developer *isn't* private. That may lead to a reluctance to report
integrity exposures at all.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
