lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: jan.m.clairmont at citigroup.com (Clairmont, Jan M) Subject: National Database of Variants with Fixes-non-vendor specific That is why there should be a National Standards Organization for SPAM, Virii, Trojans, etc. etc. This is a critical need there should be an RFC created with a reporting database. All vendors would have be required to report it or they would not meet the International Standards. They would report the fix and a methodology for naming time/place of first origin report etc. per exemplar: A-virus1.1.2004.14:35:01EST.1 alias Mydoom.12 variant. Time stamp found and unique name type if they turn out to be the same variant, then the database purges any newer finds without too many duplications. This is not that difficult it just needs to have a reporting authority. Without a centralized authority on reporting there is no way to effectively combat the threats to the internet. I am seeing great ideas, keep it coming. Jan Clairmont Firewall Administrator/Consultant -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Valdis.Kletnieks@...edu Sent: Tuesday, August 10, 2004 10:47 AM To: Todd Burroughs Cc: Frank Knobbe; full-disclosure@...sys.com Subject: Re: [Full-Disclosure] (no subject) On Tue, 10 Aug 2004 02:02:23 EDT, Todd Burroughs said: > No shit. They should at least get together and come up with some common > naming convention. They need to make some common "naming authority", it's > not difficult, we do it all the time with other software and as mentioned, > in all scientific disciplines. Software gets named over days/weeks. They crank out a new name for an element every few years. These things need names in *MINUTES* - often while the various A/V companies are looking at different copies of a polymorphic, multi-attack piece of malware. 5 blind men and an elephant time... and you want them to agree on a name before they even agree they're looking at the same thing???
Powered by blists - more mailing lists