[67224] in North American Network Operators' Group
Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Feb 5 14:59:33 2004
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Rubens Kuhl Jr." <rubens@email.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 05 Feb 2004 17:37:48 -0200."
<02e501c3ec1f$9a833fe0$020ba8c0@NOTEBOOK>
Date: Thu, 05 Feb 2004 14:56:13 -0500
Errors-To: owner-nanog-outgoing@merit.edu
In message <02e501c3ec1f$9a833fe0$020ba8c0@NOTEBOOK>, "Rubens Kuhl Jr." writes:
>
>
>
>Isn't it curious that two unrelated issues have been reported to CheckPoint
>at the same day and the patches came out on the same day ?
>Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
>bugs and they agreed with ISS which date would be stated as notification to
>CP to make it appears that a quick response (two days) has been achieved on
>those issues ?
Why is that bad? I have no objection to giving vendors a reasonable
amount of time to fix problems before announcing the whole. Or is your
point that two days hardly seems like enough time to develop -- and
*test* -- a fix?
--Steve Bellovin, http://www.research.att.com/~smb
