OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ogle Ron (Rennes) (ron.ogle_at_thomson.net)
Date: Tue Oct 01 2002 - 12:01:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    You do notice that MITRE is NOT a member. Why? MITRE is mostly a US
    Government sponsored organization, and the US Government through Richard
    Clark has basically endorsed vulnerability discovery and hacking to put
    pressure on companies to produce better software. Kind of ironic, but the
    tactic seems to be working.

    The point is that Steven speaks for himself not that of MITRE. So if the
    security community doesn't put any credence or trust (Microsoft?) into this
    group, then it is good as dead on arrival. It is clear that the US
    Government will not back it.

    The threat would be that Microsoft with its billions would lobby Congress to
    enact some type of law. So we have to be vigilant and poignant from a
    grass-roots level and let the Congressmen know what is right.

    Ron Ogle
    Rennes, France

    > Date: Tue, 01 Oct 2002 14:22:19 +0300
    > From: Georgi Guninski <guninskiguninski.com>
    > Reply-To: guninskiguninski.com
    > To: "Steven M. Christey" <coleylinus.mitre.org>
    > CC: full-disclosurelists.netsys.com
    > Subject: Re: [Full-Disclosure] Organization for Internet
    > Safety (OIS) formally
    > announced
    >
    > So this is a bunch of companies, now what?
    > I want to question the credibilty of this bunch.
    > Everyone can register an .org and claim to be the most
    > important bunch on earth.
    ....
    >
    > Georgi Guninski
    > http://www.guninski.com
    >
    > Steven M. Christey wrote:
    ....
    > > The founding members are: stake, BindView, Caldera
    > International (The
    > > SCO Group), Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI,
    > > and Symantec.
    > >
    > > Note that my employer, MITRE, is not a member of OIS. This often
    > > causes confusion because I have been involved in writing documents
    > > that OIS may use as part of their own policies.
    > >
    ...
    > > The FAQ should be of high interest to anybody who does vulnerability
    > > research.
    > >
    > > - Steve
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    > >
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html