| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Jan 7 16:52:24 2006 From: guninski at guninski.com (Georgi Guninski) Subject: Open Letter on the Interpretation of "Vulnerability Statistics" On Sat, Jan 07, 2006 at 04:59:48PM +0100, Florian Weimer wrote: > * Georgi Guninski: > > > so you approve gaining pseudo credibility by practicing mouse copy/paste? > > > > then this pseudo credibility leads to corporate serving/licking like: > > "responsible disclosure rfc" - search for it. > > > > not than coley is consistent at all (besides lacking completeness): > > http://www.cve.mitre.org/board/archives/2002-02/msg00026.html > > ------------------- > > - The Board has agreed that CNAs should not reserve candidates for > > people who do not practice responsible disclosure (candidates would > > be assigned *after* publication). I hope that this document, or a > > later version, will become part of the "definition" of responsible > > disclosure. > > ------------------- > > Yes, this puzzles me too, but on the other hand, Debian became a CNA, > and Debian's official policy is geared away from "responsible > disclosure" -- all bug reports are supposed to be public. i am surprised that the debian constitution allows participation in such shady organizations. the open source crowd can easily setup a cross open vendor database and the first one of the eleet them to learn of a bug to paste with the mouse. but for strange reasons vendor-sec@....de seems to like mitre. -- where do you want bill gates to go today? <end_of_message>
Powered by blists - more mailing lists