From: Lincoln Yeoh (lyeohPOP.JARING.MY)
Date: Sat Feb 03 2001 - 00:42:30 CST

    At 07:06 AM 2/2/01 -0600, Shalon Wood wrote:
    >Cooper <CooperLINUXFAN.COM> writes:
    >
    >> Now, could someone explain to me why a select list of individuals should
    >> get an earlier warning?
    >
    >I think this is the crux of the matter. Before you can say that this
    >is a good idea, you first have to show that some people should get
    >early notice. Quite frankly, I can see a *very* strong argument in
    >favor of the root servers, CCTLD, &c operators getting advance

    Sure, but how will they actually get early notice?

    Unless ISC _pays_ people who announce security issues to the closed list
    exclusively, I don't see how it's really going to work significantly
    better. Why announce to the closed list, vs Bugtraq?

    So how about:
    The listeners pay.
    The bug announcers get paid.
    ISC gets what's left.

    The more bugs the less ISC gets.

    One way to cut costs would be to pay using fancy cheques (stating what
    exploit it's for) which would be more likely to be framed up than cashed. ;).

    Cheerio,
    Link.