On Tue, 8 Jul 2003, Mark C. Langston wrote: > So you will now require all vulnerabilities posted to be traceable back > to the individual who discovered and/or publicized the vulnerability?
Of course not but that's not at stake here. This list is not for vuln disclosure there are more appropriate venues for that. Vulnwatch, Bugtraq, Vuln-dev to name a few. > Can you not see the chilling effect this would have? Many > vulnerabilities would not be publicised, and those that were would > quite possibly be actionable under the DMCA. Those that weren't > may still present problems other posters have raised, such as the > advertisement of problems with one's own products (in effect, > anonymous whistleblowing), or with one's own purchases (which would > be a welcome mat for anyone wishing to penetrate that individual's > infrastructure). > When it comes to Full Disclosure I agree. -al --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
