Open Source and information security mailing list archives
 
Message-ID: <3BD76687A1CBD74097E37CB67263AE973559AD@scsetbmail.scsnet.csc.com>
From: emoyle at scsnet.csc.com (Ed Moyle)
Subject: Symantec Buys SecurityFocus, among others..

On Thursday, July 18, 2002 09:40, HggdH [mailto:hggdh@...bi.com] wrote:

> Again, please remember -- if Symantec decides to censor BUGTRAQ... they will
> have killed it in a more effective way than any other. BUGTRAQ is followed
> not because it is SecurityFocus, but because it is BUGTRAQ. If BUGTRAQ will
> bite the dust, or not, will (hopefully) depend on what Symantec forces in. I
> certainly hope it will not die because of what one thinks it is, or is not.
> This would be pure prejudice.

In my humble opinion, it seems like it could be a major conflict of interest
to have the primary vulnerability reporting outlet controlled by a party who
also makes vulnerability scanning and intrusion detection products.  This has
always been the case under SF, but it is *really* bad now.  Note that
Symantec also announced purchases of Riptech and Recourse yesterday.

It would seem that Symantec would have an edge in updating their product line
before competitors have a chance to update theirs...  Also, not to be cynical
but they have an economic incentive to "play games" with vulnerabilities 
reported through outlets they control (keep in mind that there are no guarantees
about timeliness with respect to when the moderator must act on messages.)  I'm
not saying they would do this; I'm just saying that they would have economic
incentive to do so.

Throughout the years, I have always used BugTraq as a means to "give back" to 
the community; I do not appreciate my gift of free research to the community 
being used to make other people money.  Something needs to be done.  Hopefully,
this list is the answer.

-E

