Re: Security through obscurity, etc.

littleragnarok.hks.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: hoodrhoodr.slip.netcom.com: "Re: this is interesting..."
• Previous message: hoodrhoodr.slip.netcom.com: "Re: this is interesting..."
• In reply to: James M. Chacon: "Re: Security through obscurity, etc."
• Next in thread: David Miller: "Re: Security through obscurity, etc."

On Dec 13,  9:04am, James M. Chacon wrote:
:
: ....I'm not really for the 8lgm concept completely, but at least
: there they don't feel this overwhelming need to not hurt the various
: manufacturers feelings....

8lgm gives the vendor some "incentive" to correct the problem in a timely
manner, unlike CERT where the problem is reported only to the affected vendors.
We never hear a peep until (a) we find the same bug as a result of a breakin of
our site, or (b) CERT announces that the vendor (months/years later) has a fix
available. Sorry folks, I'll take (c) 8lgm (or equivalent) providing full
disclosure. The initial announcement means a scramble to disable/work around
the problem, but at least I know if my systems are vulnerable.

-- 

Jim Littlefield             "I've got a bad feeling about this..." -- Han Solo
<littlehks.com> 

• Next message: hoodrhoodr.slip.netcom.com: "Re: this is interesting..."
• Previous message: hoodrhoodr.slip.netcom.com: "Re: this is interesting..."
• In reply to: James M. Chacon: "Re: Security through obscurity, etc."
• Next in thread: David Miller: "Re: Security through obscurity, etc."