From: ben at algroup.co.uk (Ben Laurie)
Subject: CERT, Full Disclosure, and Security By Obscurity

Len Rose wrote:
> With the recent evidence that CERT informed its paying members about the 
> Sapphire SQL worm before the rest of the world should now indicate that 
> they too are not a useful resource for timely and open security information.

This is news why? CERT told me that is what they wanted to do when I 
was, errm, in dispute with them over timing of the release of the 
OpenSSL holes last year. I believe I mentioned it at the time.

That's one reason I won't pre-notify CERT (or, indeed, anyone else 
[other than the vendor]) anymore.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

