From: steve at entrenchtech.com (Steve W. Manzuik)
Subject: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines

Interesting they skipped VulnWatch in this mailing...

> -----Original Message-----
> From: dailydave-bounces@...ts.immunitysec.com 
> [mailto:dailydave-bounces@...ts.immunitysec.com] On Behalf Of dave
> Sent: Sunday, July 04, 2004 11:19 AM
> To: OIS
> Cc: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM; 
> bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Dailydave] Re: [Full-Disclosure] Public Review of 
> OIS Security Vulnerability Reporting and Response Guidelines
> 
> Nobody trusts the OIS or its motives. I imagine this is 
> similar to the feedback you've gotten from everyone else as 
> well, but Immunity has no plans to subscribe to your 
> guidelines, and is going to oppose any efforts you make to 
> legislate those guidelines as law. In section 1.1 the draft 
> proposes that the purpose of the OIS's model is to protect 
> systems from vulnerabilities. This is fairly obviously untrue 
> - the purpose of the OIS is to lobby towards a business model 
> for Microsoft and the other OIS members that involves the 
> removal of non-compliant security researchers.
> 
> This call for feedback is a thinly disguised attempt to get 
> public legitimacy and allow the OIS to claim it has community 
> backing, which it clearly does not.
> 
> It's rare, but there are still security companies and 
> individuals who do not owe their entire business to money 
> from Microsoft. It's July 4th, and some of us are Americans who 
> understand the concept of independence.
> 
> Dave Aitel
> Immunity, Inc.
> 
> 
> 
> 
> OIS wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > The Organization for Internet Safety (OIS) extends an invitation to
> > the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
> > lists to participate in the ongoing public review of the OIS Security
> > Vulnerability Reporting and Response Guidelines.
> > The OIS reviews the Guidelines annually to ensure that they remain
> > useful and relevant to the security community and, most importantly,
> > to the millions of computer users who are the ultimate beneficiaries
> > of effective computer security practices.  Over the past year, OIS has
> > received feedback from many adopters of the Guidelines as well as from
> > several public-private partnerships, and have incorporated much of
> > this feedback into an interim version that is available at
> > http://www.oisafety.org/review/draft-1.5.pdf.  We recommend reviewing
> > the interim version, but reviewers are welcome to provide feedback on
> > the original version at http://www.oisafety.org/reference/process.pdf
> > if they would like.
> >
> > For more information on the public review, please visit
> > http://www.oisafety.org/review-1.5.html.  The closing date for the
> > review has been extended until 16 July 2004.  We look forward to your
> > feedback.
> >
> > Regards,
> >
> > The Organization for Internet Safety
> > www.oisafety.org
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.3
> >
> > iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
> > KWNTvxgQVKXiC1OU9CR/rXYF
> > =4mT/
> > -----END PGP SIGNATURE-----


