Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines
Date: Tue Jul 06 2004 - 16:21:14 CDT
To add to the 'Nobody trusts the OIS or its motives', I have to state
that those NOT in the US object strenuously to anyone in the US
unilaterally legislating anything that impacts a system used
world-wide, when the 'safety' being legislated is to the benefit of
the US over the rest of the world's concerns. US court rulings in
the area of the Internet, copyright, email privacy, and individual
privacy rights tend to go against the views and rulings in the rest
of the world, making us leery of any US-centric legislation, much
less unilateral laws on 'Internet Safety' or security.
On Sun, 04 Jul 2004 13:18:35 -0400, you wrote:
>Nobody trusts the OIS or its motives. I imagine this is similar to
>the feedback you've gotten from everyone else as well, but Immunity
>has no plans to subscribe to your guidelines, and is going to
>efforts you make to legislate those guidelines as law. In section
>1.1 the draft proposes that the purpose of the OIS's model is to
>protect systems from vulnerabilities. This is fairly obviously
>untrue - the purpose of the OIS is to lobby towards a business
>model for Microsoft and the other OIS members that involves the
>removal of non-compliant security researchers.
>This call for feedback is a thinly disguised attempt to get public
>legitimacy and allow the OIS to claim it has community backing,
>which it clearly does not.
>It's rare, but there are still security companies and individuals
>who do not owe their entire business to money from Microsoft. It's
>July 4th, and some of us are Americans who understand the concept
>> The Organization for Internet Safety (OIS) extends an invitation
>> to the readers of the BugTraq, NTBugtraq, and Full-Disclosure
>> mailing lists to participate in the ongoing public review of the
>> OIS Security Vulnerability Reporting and Response Guidelines.
>> The OIS reviews the Guidelines annually to ensure that they remain
>> useful and relevant to the security community and, most
>> importantly, to the millions of computer users who are the
>> ultimate beneficiaries of effective computer security practices.
>> Over the past year, OIS has received feedback from many adopters
>> of the Guidelines as well as from several public-private
>> partnerships, and has incorporated much of this feedback into an
>> interim version that is available at
>> http://www.oisafety.org/review/draft-1.5.pdf. We recommend
>> reviewing the interim version, but reviewers are welcome to
>> provide feedback on the original version at
>> http://www.oisafety.org/reference/process.pdf if they would like.
>> For more information on the public review, please visit
>> http://www.oisafety.org/review-1.5.html. The closing date for the
>> review has been extended until 16 July 2004. We look forward to
>> your feedback.
>> The Organization for Internet Safety
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
R.S. (Bob) Heuman - Toronto, ON, Canada
Independent Computer Security Consulting
Web Site Auditing for Compliance with Standards
<rshidirect.com> or <rheumanrogers.com>
My opinions - no one else's...
If this is illegal where you are, do not read it!