Message-ID: <MAILr3MJw0zmN1pHUcQ00000183@entrenchtech.com>
From: steve at entrenchtech.com (Steve W. Manzuik)
Subject: [Dailydave] Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
Interesting they skipped VulnWatch in this mailing.........
> -----Original Message-----
> From: dailydave-bounces@...ts.immunitysec.com
> [mailto:dailydave-bounces@...ts.immunitysec.com] On Behalf Of dave
> Sent: Sunday, July 04, 2004 11:19 AM
> To: OIS
> Cc: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM;
> bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Dailydave] Re: [Full-Disclosure] Public Review of
> OIS Security Vulnerability Reporting and Response Guidelines
>
> Nobody trusts the OIS or its motives. I imagine this is
> similar to the feedback you've gotten from everyone else as
> well, but Immunity has no plans to subscribe to your
> guidelines, and is going to oppose any efforts you make to
> legislate those guidelines as law. In section 1.1 the draft
> proposes that the purpose of the OIS's model is to protect
> systems from vulnerabilities. This is fairly obviously untrue
> - the purpose of the OIS is to lobby towards a business model
> for Microsoft and the other OIS members that involves the
> removal of non-compliant security researchers.
>
> This call for feedback is a thinly disguised attempt to get
> public legitimacy and allow the OIS to claim it has community
> backing, which it clearly does not.
>
> It's rare, but there are still security companies and
> individuals who do not owe their entire business to money
> from Microsoft. It's July 4th, and some of us are Americans
> who understand the concept of independence.
>
> Dave Aitel
> Immunity, Inc.
>
> OIS wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > The Organization for Internet Safety (OIS) extends an invitation to
> > the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
> > lists to participate in the ongoing public review of the OIS Security
> > Vulnerability Reporting and Response Guidelines.
> > The OIS reviews the Guidelines annually to ensure that they remain
> > useful and relevant to the security community and, most importantly,
> > to the millions of computer users who are the ultimate beneficiaries
> > of effective computer security practices. Over the past year, OIS has
> > received feedback from many adopters of the Guidelines as well as from
> > several public-private partnerships, and have incorporated much of
> > this feedback into an interim version that is available at
> > http://www.oisafety.org/review/draft-1.5.pdf. We recommend reviewing
> > the interim version, but reviewers are welcome to provide feedback on
> > the original version at http://www.oisafety.org/reference/process.pdf
> > if they would like.
> >
> > For more information on the public review, please visit
> > http://www.oisafety.org/review-1.5.html. The closing date for the
> > review has been extended until 16 July 2004. We look forward to your
> > feedback.
> >
> > Regards,
> >
> > The Organization for Internet Safety
> > www.oisafety.org
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.3
> >
> > iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
> > KWNTvxgQVKXiC1OU9CR/rXYF
> > =4mT/
> > -----END PGP SIGNATURE-----