[82955] in North American Network Operators' Group
RE: "Cisco gate" and "Meet the Fed" at Defcon....
daemon@ATHENA.MIT.EDU (Neil J. McRae)
Tue Aug 2 09:36:43 2005
From: "Neil J. McRae" <neil@DOMINO.ORG>
To: "'Christopher L. Morrow'" <christopher.morrow@mci.com>
Cc: <nanog@merit.edu>
Date: Tue, 2 Aug 2005 14:36:07 +0100
In-Reply-To: <Pine.GSO.4.58.0508021302140.3650@parapet.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu
So yes then.
> no... not really, not originally, it got morphed into
> something different :( So, the ciscogate paranoia, as near as
> I saw, got down to: "cisco wont tell people about vulns as
> soon as they know about them" (or some version of I don't get
> to know fast enough about vulns from a vendor, while we
> currently bash on cisco)
>
> With that in mind, the example 2500 above is a cisco box,
> running old code because it can't be upgraded to current
> code. Cisco is reluctant to tell folks in public about
> vulnerabilities without there beig fixes for the problem in
> as much running code as possible.
>
> -Chris
>
