* on the Thu, Nov 11, 2010 at 11:17:43AM +0100, JIm Romaguera wrote:
> Seriously, cert authorities have often delayed "outing" security holes
> from buggy software/hardware manufacturers until they have time to patch
> the bug. This has taken sometimes a very long time.

Indeed. This (and the NDA) is why I normally directly contact any other involved organization directly, without contacting cert. And, in case of security holes, go to bugtraq if nothing happens.

> How come then that a "maybe" malware infected site (read the previous
> poster's comments - one man's malware is another man's security
> protection service) has no real time to react and is effectively "nuked".

Honeypots?

Anyway, as I see it, the whole thing adheres to the usual "the opposite of good is well-meant" approach. That, and it illustrates of course a very bad tendency of having the administration writing laws (well, technically not a "law", but close enough).

Cheers
Seegras
-- 
"Those who give up essential liberties for temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
"It's also true that those who would give up privacy for security are likely to end up with neither." -- Bruce Schneier