|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Paul Vixie (vixie
isc.org)
Date: Sat Jul 19 2008 - 09:22:47 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Those of us outside the research community who have to advise management
> cannot tell our executives "trust Dan." We have to be able to weigh
> costs vs benefits, implementation details, and the like. I'm glad people
> here and elsewhere have tried to figure this out, since it gives details
> to guide my recommendations.
would you have preferred that the attack vector be completely published on
day 1, rather than a cert advisory with details to follow a month later at
defcon, so that your recommendations could be completely informed? note
that in that case it would also go in the wild before you could patch. is
that what you want the next discoverer to do for you?
note, it's not just "trust dan." dan looped in a powerful group of dns
folks, each of whom was heard to speak the words "oh, shit!" and we have
been making the rounds, lending our names to this.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]