[82697] in North American Network Operators' Group
RE: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Hannigan, Martin)
Thu Jul 28 00:23:06 2005
Date: Thu, 28 Jul 2005 00:22:37 -0400
From: "Hannigan, Martin" <hannigan@verisign.com>
To: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>,
<nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
> ..and of course:
>=20
> "Cisco Denies Router Vulnerability Claims"
>=20
> [snip]
Of course. That's how a broken vuln system works. :-)
The major flaw is that the vendor decides who gets to know
about a vulnerability. This causes an insecurity in "the system"
because $vendor is dealing with people usually more qualified than
themselves to make a decision on who needs to know and make one
independant of revenue<-- .
$vendor is probably not the best person to decide who
gets on the secret-15 lists et. al.
-M<
=20
