[491] in bugtraq
Re: Security through obscurity, etc.
daemon@ATHENA.MIT.EDU (David Miller)
Tue Dec 13 12:06:57 1994
Date: Tue, 13 Dec 1994 09:36:32 -0500 (EST)
From: David Miller <isdmill@gatekeeper.ddp.state.me.us>
To: Jason Matthews <jason@dickory.sdsu.edu>
Cc: "That Whispering Wolf..." <elfchief@lupine.org>, bugtraq@fc.net
In-Reply-To: <Pine.3.87.9412121206.A3936-0100000@dickory>
On Mon, 12 Dec 1994, Jason Matthews wrote:
> On Tue, 29 Nov 1994, That Whispering Wolf... wrote:
>
[...]
> > Well, this is just my $.02. I think if 8lgm continues they way they're
> > going (with things like their SCO 'login' problem -- Which basically said "There's a bug, no fix and no workaround, so nyah"), I'd rather just see them
> > go away. I echo Pat's comments (I think that was Pat) about only needing
> > one CERT.
>
> I would rather have 8lgm then CERT.
>
> Jason
So would I. And the reason for this is that with 8lgm there is a
credible threat for near term disclosure: enough of a threat to force the
vendors to react. Reporting bugs to CERT does nothing to motivate vendors.
--- David
----------------------------------------------------------------------------
It's *amazing* what one can accomplish when
one doesn't know what one can't do!
