On Tue, 8 Jul 2003, Alfred Huger wrote:
> I have received some feedback about my earlier post on vendor reviews to
> the list. Much of the feedback has been well thought out. Some of it
> bordered on, well, not so well thought out. None the less enough of it has
> come through that Ill start to allow it through and open it up for
> discussion. As many of you have guessed I feel pretty strongly about
> accountability but having said that it looks like its better discussed
> openly. Id like to find some middle ground here that allows for
> accountability and still allows people to post their opinions freely. If
> you want to post here is your chance. Cross posts will not be allowed
> across the list.
I'm glad to see that you've opened the list to commentary. A few
questions though:
(1) You mention "post on vendor reviews". The posting you sent out
appeared to set overall list policy, not merely policy on vendor
reviews. Please clarify whether your policy change is intended to
apply only to postings about vendor products, or to all postings.
(2) Beyond the question of whether you can actually determine whether
a person is posting via an account with a "real name" associated
with it, do you actually believe that the list contents will be
improved by attempting to implement posting approvals based on
appearance rather than content?
(3) Further to the 'real name' question, I presume that the moderator
is able to judge the difference between "Your product sux r0cks"
and "Your product can't push 100Mbit of traffic" - and also
between "Our product will protect your network and make you dinner"
and "Our product is a stateful packet filter".
(4) Despite his feeling strongly about this issue, I'm still shocked that
the esteemable moderator threatened to unsubscribe people from
all securityfocus lists (barring bugtrq) if they didn't comply
with his demands. Perhaps the moderator mis-spoke in the heat
of the momment?
Questions aside, the issue of inappropriate pressure being placed on the
moderator vis a vis stock holdings and other business interests has
been brought up on the full-disclosure mailing list. It would certainly
clear the air if any conflict of interest was plainly stated.
cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet. This is the defining metaphor of my life right now."
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes
this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
