RE: [Dailydave] Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines
From: Steve W. Manzuik (steveentrenchtech.com)
Date: Sun Jul 04 2004 - 22:38:49 CDT
Interesting they skipped VulnWatch in this mailing.........
> -----Original Message-----
> From: dailydave-bounceslists.immunitysec.com
> [mailto:dailydave-bounceslists.immunitysec.com] On Behalf Of dave
> Sent: Sunday, July 04, 2004 11:19 AM
> To: OIS
> Cc: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM;
> bugtraqsecurityfocus.com; full-disclosurelists.netsys.com
> Subject: [Dailydave] Re: [Full-Disclosure] Public Review of
> OIS Security Vulnerability Reporting and Response Guidelines
> Nobody trusts the OIS or its motives. I imagine this is
> similar to the feedback you've gotten from everyone else as
> well, but Immunity has no plans to subscribe to your
> guidelines, and is going to oppose any efforts you make to
> legislate those guidelines as law. In section 1.1 the draft
> proposes that the purpose of the OIS's model is to protect
> systems from vulnerabilities. This is fairly obviously untrue
> - the purpose of the OIS is to lobby towards a business model
> for Microsoft and the other OIS members that involves the
> removal of non-compliant security researchers.
> This call for feedback is a thinly disguised attempt to get
> public legitimacy and allow the OIS to claim it has community
> backing, which it clearly does not.
> It's rare, but there are still security companies and
> individuals who do not owe their entire business to money
> from Microsoft. It's July 4th.
> and some of us are Americans who understand the concept of
> Dave Aitel
> Immunity, Inc.
> OIS wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > The Organization for Internet Safety (OIS) extends an invitation to
> > the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
> > lists to participate in the ongoing public review of the OIS Security
> > Vulnerability Reporting and Response Guidelines.
> > The OIS reviews the Guidelines annually to ensure that they remain
> > useful and relevant to the security community and, most
> > to the millions of computer users who are the ultimate
> > of effective computer security practices. Over the past year, OIS has
> > received feedback from many adopters of the Guidelines as well as from
> > several public-private partnerships, and have incorporated much of
> > this feedback into an interim version that is available at
> > http://www.oisafety.org/review/draft-1.5.pdf. We recommend
> > the interim version, but reviewers are welcome to provide feedback on
> > the original version at
> > if they would like.
> > For more information on the public review, please visit
> > http://www.oisafety.org/review-1.5.html. The closing date for the
> > review has been extended until 16 July 2004. We look forward to your
> > feedback.
> > Regards,
> > The Organization for Internet Safety
> > www.oisafety.org
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.3
> > iQA/AwUBQOWQgbF9hclyvjnOEQIhmACfYlaHX2NnJbHUCaCYfMHO4tkGDh0AoMzz
> > KWNTvxgQVKXiC1OU9CR/rXYF
> > =4mT/
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html