[4783] in WWW Security List Archive
Re: Latest Java hole is Netscape/Sun only
daemon@ATHENA.MIT.EDU (Dan Geer)
Wed Mar 12 10:28:04 1997
To: Thomas Reardon <thomasre@microsoft.com>
Cc: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
In-Reply-To: Your message of "Sun, 09 Mar 1997 18:46:09 EST."
<c=US%a=_%p=msft%l=RED-76-MSG-970310024609Z-218526@INET-03-IMC.itg.microsoft.com>
Date: Wed, 12 Mar 1997 08:36:06 -0500
From: Dan Geer <geer@world.std.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Believe me, this last week has taught us some painful lessons. We'll
try to articulate an overall policy, both in terms of technical reviews
but also public education and annoucements, this coming week. I use the
phrase 'overcommunicate' around here, and I think folks are starting to
grasp it.
Mr. Reardon,
I wish you (all) good luck in this. Security being
generally in the 20% (as opposed to the quick and
easy 80%), I can imagine that you will have some
organizational heritage to overcome. I've been
around for a while and can only suggest that the
ways to get volunteer help on security matters are
either to
(1) claim to be infalliable, or
(2) make your source available for inspection.
--dan
