[82733] in North American Network Operators' Group
Re: Cisco cover up
daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jul 28 14:20:41 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: James Baldwin <jbaldwin@antinode.net>
Cc: Joseph S D Yao <jsdy@center.osis.gov>, nanog@merit.edu
Date: Thu, 28 Jul 2005 20:16:48 +0200
In-Reply-To: <14F2A409-4019-45C3-8E00-285A9DD9DB9E@antinode.net> (James
Baldwin's message of "Thu, 28 Jul 2005 14:04:28 -0400")
Errors-To: owner-nanog@merit.edu
* James Baldwin:
> On Jul 28, 2005, at 1:50 PM, Joseph S D Yao wrote:
>
>> Given that it was clear that Lynn had NDA access to the Cisco
>> source code already, it seems pretty clear that the original poster
>> wasn't even speculating that he had stolen it, but to potential
>> exploiters' having done so. Eh?
>
> Lynn did not have NDA access to the Cisco source.
But this bug was probably coordinated via IT-ISAC, and ISS, as its
host organization, had access to some information provided by Cisco
under NDA. ISS might have some kind of Chinese Wall, but depending on
their contracts, this may or may not affected what they can disclose
at what time.
All in all, this doesn't look like the typical "vendor tries to
squelch independent research" incident. I also wonder what the impact
on the IT-ISAC information sharing club will be, and on the future of
ISS as a company.
