Open Source and information security mailing list archives
 
Date: Sat Sep 17 02:01:39 2005
From: sil at infiltrated.net (J. Oquendo)
Subject: Ethics and ramblins on Full DissClosure


You know, I was thinking about how ironic it is that one should mention
"Full Disclosure" and "responsibility" in the same paragraph. How many
more redundant threads will one have to parse through regarding the
irresponsibilities of vendors who won't release a fix in a timely manner?
Then read more threads on how irresponsible people are for disclosing
vulnerabilities without contacting a vendor, or for not waiting long enough
before releasing their disclosure.

Look, it does not take a rocket scientist to figure out that vendors need
at least one or two years to fix their problems. Far too many times
though, people in the computer security industry wrongfully think that
corporations like Microsloth, Scam-mantec, Crisco, Oralckle, Crapafee and
others are solely after something as trivial as money or investments via
stock markets.

Let's be honest and forthright about the whole security industry nowadays.
It has not become a multibillion dollar industry filled with companies
gobbling up other companies, injecting FUD into the market to sell an
insecure product and make millions. Nope. The real answer is that
companies are creating wonderful products that are "powered by the
systems that take you where you want to go today". Those products often
don't have real issues; it's those god-awful hackers, crackers, slackers and
open source people who are the real problem in this industry.

Someone should create a consortium to eradicate those who tinker and break
these wonderful products. Perhaps a "clean up squad" to ensure that no one
maliciously posts information that could break the Interweb and leak out
the kind of information that could lead to my identity being stolen.
I mean, it's not like I have to worry about anyone outside of those
companies in the technology field to do something stupid like leak my
information [1][2][3][4].

The perfect consortium would consist of trustworthy companies like
Microsloth, Oralckle, Crisco, Scam-mantec, Crapafee. Their task would be
to ensure enough money and resources are available to bury someone in the
legal system with lawsuits, threats, even military-like "wet ops" to
ensure nothing is ever broken in the technology field again.

[1] http://www.msnbc.msn.com/id/8119720/
[2] http://news.com.com/Bank+of+America+loses+a+million+customer+records/2100-1029_3-5590989.html
[3] http://www.vnunet.com/vnunet/news/2138274/credit-card-hack-sets-record
[4] http://www.infoworld.com/articles/hn/xml/01/03/06/010306hnbiblio.html?0306alert
[5] http://www.cbc.ca/story/business/national/2005/06/17/equifax-050617.html

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

"Just one more time for the sake of sanity tell me why
 explain the gravity that drove you to this..." Assemblage
