
Phil,
  X-Force is working on releasing signatures from a monthly, to a weekly,
and in the future - daily basis. The signatures are the easy part to create
- the time to market issue is QA (ensuring the signature has low false
positives, no false negatives, and consideration of performance on the
RealSecure engine and documentation), and we release about 30-50 signatures,
along with fixes to the product in each big X-Press Update.  The decision to
release an emergency XPU is based on many things including the number of
customers affected, the high priority of a signature, and whether we can
offer a user defined signature first and then put the signature in for our
next release of a big X-Press Update which has been coming out every other
month for RealSecure.  

We definitely understand your concerns, and we are working on releasing
updates just like Anti-Virus companies.  I hope I have better explained the
process to you. We are striving to always offer a better product - so your
feedback is welcomed and taken into consideration when planning new
releases.  If you have something specific you'd like to see changed or added
to the product, please email [EMAIL PROTECTED] - this email alias is for all
of the product managers at ISS.

Audra

-----Original Message-----
From: Waterbury, Ronald P (Phil), GOVMK [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 8:06 PM
To: Eng, Audra; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Fate Research Labs posting: RealSecure or Real"un"Secure 


Audra,

OK, that is an answer to the advisory but why hasn't the RDS vulnerability
been included in the product version upgrades/updates until now or maybe
more importantly, what is the policy/procedure for inclusion of checks in
the RealSecure product? (for instance, when the DDoS threat was new everyone
rushed to get signatures out to protect against it because the perceived
threat level was high- what made ISS decide that DDoS was a high threat?
And why wasn't RDS viewed that way?) RDS was known to be a dangerous
vulnerability (as quoted in the advisory) and has been out for quite a long
time.  Having some user defined signature code is OK for a short term
solution but not for a total solution- people expect the product to be
updated by the vendor not by them (for good or bad).

Phil

