About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Obtain a CVE Identifier
Search CVE
Search NVD
CVE In Use

CVE Compatible Products
NVD for CVE Fix Information
More . . .
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site

CVE Community

Editorial Board
Mail List & Meetings Archive
Roles, Tasks, & Qualifications
Adding New Members
Sponsor

CVE In Use

CVE Compatible Products and Services
More . . .

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey

To: Russ <Russ.Cooper@rc.on.ca>
Subject: Re: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
From: aleph1@securityfocus.com
Date: Thu, 21 Sep 2000 20:43:51 -0700
Cc: "'Pascal Meunier'" <pmeunier@cerias.purdue.edu>, cve-editorial-board-list@lists.mitre.org
Delivery-Date: Thu Sep 21 23:46:17 2000
In-Reply-To: <E9A01F52DC939448BBDE44ED2E1C468F107F34@muskie.rc.on.ca>; from Russ.Cooper@RC.ON.CA on Thu, Sep 21, 2000 at 11:06:46PM -0400
References: <E9A01F52DC939448BBDE44ED2E1C468F107F34@muskie.rc.on.ca>
Sender: owner-cve-editorial-board-list@lists.mitre.org

Russ,

  First, no one has suggested that we maintain the status quo. As I've
said a few times already, I think we can all agree things could and should
be done better. What it boils down to is that no one, not you, not Marcus,
not anyone has offered a viable alternative. The best we've heard from
this particular camp is that people that publish vulnerability information
without information the vendors should be sued.  Yeah, thats going to work.
That and a lot of moaning.

  Come up with some viable alternative, then will talk.

  Second, we already been in a position were we threw out the baby. Maybe
you weren't on the Internet in those days, but I was. Let me tell you, it
was not a pretty picture. As much as people bitch about security today
it is no where near as bad as it was back then. That is why full disclosure
came about. It would have never been as successful if things hadn't been
as bad as they were. Maybe things have gone to far in this direction as
well, but going back to the way it was before is not the solution.

  Amputate that, Surgeon.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Follow-Ups:
- Re: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
  - From: "Marcus J. Ranum" <mjr@nfr.net>

References:
- RE: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
  - From: Russ <Russ.Cooper@rc.on.ca>

Prev by Date: RE: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
Next by Date: Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
Prev by thread: RE: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
Next by thread: Re: Final position RE: [CVEPRI] Handling new vulnerabilities disc overed by Steve Christey
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007