Chris, CERT does not "suck" anymore than Microsoft "sucks" or Bush "sucks". CERT is a resource, albeit not a timely one. Consider - Saddam is captured. Who knows first? The people who actually capture him. Who knows next? The people whom the first group tells. Who knows next? Probably Fox News (they seem to have a jump on other networks) followed closely by CNN, UP, AP, the networks, etc. When does the story show up in the newspaper? Two days later (since the story broke after the Sunday paper went to press). Does that mean that the newspaper "sucks"? No, it still is an excellent resource, albeit not very timely. In the security community, time matters very much. If I just finished writing the new latest and greatest exploit for Windows, only I know about it. CERT has no clue, and won't have a clue until the exploit gets share/used/distributed/observed/confirmed. By then, you and your customers may be the unlucky recipients of the exploit's effects. CERT may then present a terrific accurate writeup, but that does no good for the people who are affected.
So what are the "best" resources? Number one is the hacker community. if you are a hacker, and you write and share exploits, then you are in the group that has the most clue. Next would be the hacker community's friends and family (or whomever they share information with). Next is probably communities like FD, where either hackers or hacker community F&F (or else people who are affected by the exploits) hang out. Continue up the food chain as illustrated and you will see that he people who *only* get their info from CERT/CIAC/SANS/whatever are considered to have less clue because they are that much more removed from the center of the action. The best resource is to be one of the hackers^H^H^H^H^H^H^Hsecurity researchers =;^) G On or about 2003.12.16 05:03:58 +0000, Christopher Parker ([EMAIL PROTECTED]) said: > > "Join www.osvdb.org to make a better non-corporated vulnerability database > > since CERT sucks ! " > > CERT sucks? Humm... In my UNIX & Security college course, we're being > told CERT is a great resource for security-related information. Can > anybody else make a comment on this? Agree? Disagree? > > Thanks. -- Gregory A. Gilliss, CISSP E-mail: [EMAIL PROTECTED] Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html