From: hggdh at attbi.com (HggdH)
Subject: Symantec Buys SecurityFocus, among others..

From: "Muhammad Faisal Rauf Danka" <mfrd@...itudex.com>
Sent: Wednesday, July 17, 2002 16:32
Subject: Re: [Full-Disclosure] Symantec Buys SecurityFocus, among others..

(snip)

. I mean what do they mean by the vulnerabilities they find ?

I think we are talking about two different things here -- vulnerabilities
reported via BUGTRAQ, and vulnerabilities found elsewhere (internal
research, privileged access, whatever). Vulnerabilities reported via
BUGTRAQ will still be published on BUGTRAQ, in the same timely way it has
always been. The others... they might take longer to make it to BUGTRAQ.

This is actually not different from what most of those here (us?) do -- when
we receive privileged information on a vulnerability (or when we find one),
most of us will maintain secrecy for some time -- so that we can contact the
vendor, work out a bypass, play of being a black hat, whatever. At least, we
will NOT publish it until we can verify its authenticity.

. What they do is just moderate the damn list, and stop slipping useful
. vulnerability details about Microsoft and alike.. wtf?

Hold the fire, folks. Make sure it is an enemy you are firing on.

Give them time. Symantec is a business, yes, but being a business is not
identical to being stupid. The value of BUGTRAQ lies in its history of
being fair. Elias, and now Dave, have always done a very good job on the
moderation. We may not always agree with them (I myself have had -- under
other incarnations -- difference on points of view with Elias), but it is
their right, since they are the moderators.

(snip)

. looks like another one bites the dust.

Again, please remember -- if Symantec decides to censor BUGTRAQ... they will
have killed it in a more effective way than any other. BUGTRAQ is followed
not because it is SecurityFocus, but because it is BUGTRAQ. If BUGTRAQ will
bite the dust, or not, will (hopefully) depend on what Symantec forces in. I
certainly hope it will not die because of what one thinks it is, or is not.
This would be pure prejudice.

..hggdh..

