[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <MAILr3MJw0zmN1pHUcQ00000183@entrenchtech.com>
Date: Sun, 4 Jul 2004 21:38:49 -0600
From: "Steve W. Manzuik" <steve@...renchtech.com>
To: "'dave'" <dave@...unitysec.com>, "'OIS'" <announcements@...afety.org>
Cc: <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>, <bugtraq@...urityfocus.com>,
<full-disclosure@...ts.netsys.com>
Subject: RE: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
Interesting they skipped VulnWatch in this mailing.........
> -----Original Message-----
> From: dailydave-bounces@...ts.immunitysec.com
> [mailto:dailydave-bounces@...ts.immunitysec.com] On Behalf Of dave
> Sent: Sunday, July 04, 2004 11:19 AM
> To: OIS
> Cc: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM;
> bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Dailydave] Re: [Full-Disclosure] Public Review of
> OIS Security Vulnerability Reporting and Response Guidelines
>
> Nobody trusts the OIS or its motives. I imagine this is
> similar to the feedback you've gotten from everyone else as
> well, but Immunity has no plans to subscribe to your
> guidelines, and is going to oppose any efforts you make to
> legislate those guidelines as law. In section 1.1 the draft
> proposes that the purpose of the OIS's model is to protect
> systems from vulnerabilities. This is fairly obviously untrue
> - the purpose of the OIS is to lobby towards a business model
> for Microsoft and the other OIS members that involves the
> removal of non-compliant security researchers.
>
> This call for feedback is a thinly disguised attempt to get
> public legitimacy and allow the OIS to claim it has community
> backing, which it clearly does not.
>
> It's rare, but there are still security companies and
> individuals who do not owe their entire business to money
> from Microsoft. It's July 4th.
> and some of us are Americans who understand the concept of
> independance.
>
> Dave Aitel
> Immunity, Inc.
>
>
>
>
> OIS wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > The Organization for Internet Safety (OIS) extends an invitation to
> > the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
> > lists to participate in the ongoing public review of the
> OIS Security
> > Vulnerability Reporting and Response Guidelines.
> > The OIS reviews the Guidelines annually to ensure that they remain
> > useful and relevant to the security community and, most
> importantly,
> > to the millions of computer users who are the ultimate
> beneficiaries
> > of effective computer security practices. Over the past
> year, OIS has
> > received feedback from many adopters of the Guidelines as
> well as from
> > several public-private partnerships, and have incorporated much of
> > this feedback into an interim version that is available at
> > http://www.oisafety.org/review/draft-1.5.pdf. We recommend
> reviewing
> > the interim version, but reviewers are welcome to provide
> feedback on
> > the original version at
> http://www.oisafety.org/reference/process.pdf
> > if they would like.
> >
> > For more information on the public review, please visit
> > http://www.oisafety.org/review-1.5.html. The closing date for the
> > review has been extended until 16 July 2004. We look
> forward to your
> > feedback.
> >
> > Regards,
> >
> > The Organization for Internet Safety
> > www.oisafety.org
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.3
> >
> > iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
> > KWNTvxgQVKXiC1OU9CR/rXYF
> > =4mT/
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave@...ts.immunitysec.com
> http://www.immunitysec.com/mailman/listinfo/dailydave
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists