hey, great redux on CERT, but you're forgetting about all the embarrasing
leaks of vuln information in advance of CERT advisories!
-paul
- Original Message -
From: Cael Abal [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 8:58 AM
Subject: Re: [Full-Disclosure] A
I find CERT most useful to use as a stick against management.
Basically if CERT has come out with a warning before they have acted on the
vulnerability, they know that they have been too slow in reacting.
A CERT release means that this vulnerability is real, extensive and
dangerous and should
of course, CERT, like many federal sites realted to net sec
issues, NIPC, local infrgard chapters, the new homeland sec
dept, all will know after all the sources below have first
fed on the info and rumors for a week or too prior. So, if
CERT truely sucks, it sucks slowly...
CERT is
--- Tri Huynh [EMAIL PROTECTED] wrote:
It looks like this comapany doesn't give a damn about information
privacy, and there is also a possibility that they are
the spammers too. If you guys have have any info about this
company, please contact [EMAIL PROTECTED] and i love
to gather more
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| Join www.osvdb.org to make a better non-corporated vulnerability
| database since CERT sucks !
|
| CERT sucks? Humm... In my UNIX Security college course, we're being
| told CERT is a great resource for security-related information. Can
| anybody
I agree with your professor. I don't use the CERT site on a daily, or even
weekly basis like I do sans.org, but when I need information from it, it's
always been relevant, accurate (as far as I can tell) and up to date. What
exactly is supposed to suck about the site, I wonder??
Jeff Stebelton
At 09:38 AM 12/16/2003 -0500, [EMAIL PROTECTED] wrote:
What
exactly is supposed to suck about the site, I wonder??
I don't know that anyone believes the site itself sucks.
There are those who have an objection to the fact that
CERT is taxpayer-funded, yet charges a fee for its 'premium'
services;
Tri, all..
Since this *IS* security/privacy-related, I *WILL* respond to this...
We all feel so honored that you will respond to this sheesh
- Original Message -
From: Christopher Parker [EMAIL PROTECTED]
To: Tri Huynh [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Cael Abal
Sent: Tuesday, December 16, 2003 7:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] A funny (but real) story for XMAS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| Join
Chris,
CERT does not suck anymore than Microsoft sucks or Bush sucks.
CERT is a resource, albeit not a timely one. Consider - Saddam is captured.
Who knows first? The people who actually capture him. Who knows next? The
people whom the first group tells. Who knows next? Probably Fox News (they
of course, CERT, like many federal sites realted to net sec issues, NIPC,
local infrgard chapters, the new homeland sec dept, all will know after
all the sources below have first fed on the info and rumors for a week or
too prior. So, if CERT truely sucks, it sucks slowly...
Thanks,
Ron
The reason OSVDB isn't well populated yet is that each
vulnerability has to be evaluated and written up afresh
in order to avoid violating any existing DB's copyrights.
That takes time. If you want to shorten that time, go
volunteer. :-)
I like the idea of osvdb, I have concerns about the
12 matches
Mail list logo