| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.62.0503121624120.7362@stratigery> From: eballen1 at qwest.net (Bruce Ediger) Subject: Re: Microsoft to give holes info to Uncle Samfirst On Sat, 12 Mar 2005, Feher Tamas wrote: > If Microsoft gives fixes info to Uncle Sam first, it gives > USA the exploits first. Note that this may have gone on for some time, and MSFT is not the only culpable vendor: Cambridge security researcher Ross Anderson says in his paper "Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore": --- The US government prefers vulnerabilities in some products to be reported to authority first, so that they can be exploited by law enforcement or intelligence agencies for a while. Vendors are only encouraged to ship patches once outsiders start exploiting the hole too. --- I found this paper at http://www.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf Anderson offers no support for the above statement in his paper. On a more anecdotal level, just after the 1988 Internet Worm, I participated in a discussion at a US defense contractor where a fellow with several clearances claimed that the NSA had dossiers on each operating system, and they knew all the holes in each of them, "Even in VMS".
Powered by blists - more mailing lists