NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Immunitysec Daily Dave> 2008-q3

Re: [Dailydave] Speculation

From: Thomas Ptacek (tqbfmatasano.com)
Date: Sat Jul 19 2008 - 11:20:38 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We're not talking about what Dan says. We're talking about Dan's
appeal to gag other researchers who find the problem independently.

And while we're on the subject of Dan? CRY ME A RIVER, Paul. Dan got a
massive wave of press in advance of the Black Hat talk which occurs
just coincidentally at the EXACT RIGHT MOMENT for the Internet to find
out about the DNS finding. Dan's got a great talk lined up, and a
clever finding, and he's a big boy and he can deal with the hits he's
taking. He may deserve some of them.

On 7/19/08, Paul Vixie <vixieisc.org> wrote:
> > How about, and this is JUST AN IDEA, we have a system where something
> > other than a cabal of Paul Vixie and Dan Kaminsky deciding who gets to
> > know?
>
>
> dan's the discoverer, and in the current model, the discoverer always gets
> to choose who gets to know. i like this model, since i may be a discoverer
> myself some day, and besides that, i want to encourage discoverers to share
> responsibly, which wouldn't happen if the first thing that happened to them
> was some kind of gag order. (i didn't decide who got to know; dan did.)
>
> are you suggesting that a world where the discoverer doesn't get absolute
> control over the method and schedule of disclosure would be better somehow?
> if so, can you describe that world, and explain why i'd want to live in it?
>
> (in case this isn't obvious, i havn't been enjoying the show. watching dan
> get bitched for doing the best bug disclosure i've ever seen, really sucks.)
>
>
> --
>
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]