Message-ID: <42333317.7050400@psilanthropy.org>
From: hades at psilanthropy.org (Anders Langworthy)
Subject: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more...

J.A. Terranson wrote:
> This "story" really just reflects what has been going on in the real world
> for some time now.

Yes. Another incident from two years ago that demonstrates this
philosophy quite well:

[From http://www.eweek.com/article2/0,1759,921855,00.asp]
[FEDS MOVE TO SECURE NET]

"The most significant move is the development of a private,
compartmentalized network that will be used by federal agencies and
private-sector experts to share information during large-scale security
events...
"Sachs...pointed to last week's handling of the critical vulnerability
in the Sendmail Mail Transfer Agent package as a prime example of how
such back-channel communication between vendors, researchers and the
government can help protect end users. Researchers at Internet Security
Systems Inc., in Atlanta, discovered the vulnerability in mid-February
and immediately notified officials at the White House and the Department
of Homeland Security.
The government quietly spread the word among federal agencies and, along
with ISS, began contacting the affected vendors. After the vendors
developed patches, the fixes were deployed quickly on critical
government, military and private-sector machines before the official
announcement of the vulnerability."