[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.58.0509162059080.28233@kungfunix.net>
Date: Sat Sep 17 02:01:39 2005
From: sil at infiltrated.net (J. Oquendo)
Subject: Ethics and ramblins on Full DissClosure
Youo know I was thinking about how ironic it is that one should mention
"Full Disclosure" and "responsibility" in the same paragraph. How many
more redundant threads will one have to parse through regarding the
irresponsibilities of vendors who won't release a fix in a timely manner.
Then read more threads on how irresponsible people are for disclosing
vulnerabilities without contacting a vendor, or not waiting long enough
before releasing their disclosure.
Look it does not take a rocket scientist to figure out that vendors need
at least one or two years to fix their problems. Far too many times
though, people in the computer security industry wrongfully think that
corporations like Microsloth, Scam-mantec, Crisco, Oralckle, Crapafee and
others are solely after something as trivial as money or investments via
stock markets.
Let's be honest and forthright about the whole security industry nowadays.
It has not become a multibillion dollar industry filled with companies
gobbling up other companies, injecting FUD into the market to sell an
insecure product and make millions. Nope. The real answer is that
companies are creating wonderful products that are "powered by the
systems that take you where you want to go today". Those products often
don't have real issues its those god awful hackers, crackers, slackers and
open source people who are the real problem in this industry.
Someone should create a consortium to eradicate those who tinker and break
these wonderful products. Perhaps a "clean up squad" to ensure that no one
maliciously posts information that could break the Interweb and leak out
the kind of information that could lead to my indentity from being stolen.
I mean, its not like I have to worry about anyone outside of those
companies in the technology field to do something stupid like leak my
information [1][2][3][4].
The perfect consortium would consist of trustworthy companies like
Microsloth, Oralckle, Crisco, Scam-mantec, Crapafee. Their task would be
to ensure enough money and resources are available to bury someone in the
legal system with lawsuits, threats, even military-like "wet ops" to
ensure nothing is ever broken in the technology field again.
[1] http://www.msnbc.msn.com/id/8119720/
[2] http://news.com.com/Bank+of+America+loses+a+million+customer+records/2100-1029_3-5590989.html
[3] http://www.vnunet.com/vnunet/news/2138274/credit-card-hack-sets-record
[4] http://www.infoworld.com/articles/hn/xml/01/03/06/010306hnbiblio.html?0306alert
[5] http://www.cbc.ca/story/business/national/2005/06/17/equifax-050617.html
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
"Just one more time for the sake of sanity tell me why
explain the gravity that drove you to this..." Assemblage
Powered by blists - more mailing lists