[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3E3AA263.5060405@guninski.com>
From: guninski at guninski.com (Georgi Guninski)
Subject: CERT, Full Disclosure, and Security By Obscurity
KF wrote:
> Blue Boar wrote:
>
>> Georgi Guninski wrote:
>>
>>> Recently when I notified some vendors about a vulnerability, I wrote
>>> something like a license agreement that the info should not be
>>> disclosed to m$, cert, mitre, sf and others.
>
>
>> What have you got against Mitre?
>
>
> I have certainly seen some of the folks at Mitre go out of their way to
> get things documented properly and other things of that nature quite a
> few times. Steven M. Christey in particular...
>
Steven M. Christey proposed the responsible disclosure lame draft and signed it.
I find it quite hipocritical to propose delaying of information, and at the same
time mitre to get the 0days before they are released.
Georgi Guninski
http://www.guninski.com
Powered by blists - more mailing lists