Free Republic

To: B Knotts
That has to do with CERT, who have a policy since last year of notifying vendors/distributors first, before publicly announcing a vulnerability.

What exactly is the point of that policy?

117 posted on 11/28/2001 3:11:28 PM PST by danneskjold


To: danneskjold
If one were to be less generous than I, one might say "security through obscurity."

The point is, I suppose, to provide a "window" for vendors/authors/etc. to fix bugs before the skr1pt k1dd13s get their hands on the latest 31337 skr1tpz.

But that has never worked as a viable strategy, and if the window is too big, only encourages slackage, and extends the period of actual vulnerability for Joe SysAdmin.

124 posted on 11/28/2001 3:15:28 PM PST by B Knotts
