[513] in bugtraq
Re: Security through obscurity, etc.
daemon@ATHENA.MIT.EDU (Jim Littlefield)
Wed Dec 14 10:12:03 1994
From: "Jim Littlefield" <little@ragnarok.hks.com>
Date: Wed, 14 Dec 1994 08:17:22 -0500
In-Reply-To: jmc@telecom.ksu.edu (James M. Chacon)
"Re: Security through obscurity, etc." (Dec 13, 9:04am)
To: jmc@telecom.ksu.edu (James M. Chacon), jsz@ramon.bgu.ac.il (jsz)
Cc: jason@dickory.sdsu.edu, elfchief@lupine.org, bugtraq@fc.net
On Dec 13, 9:04am, James M. Chacon wrote:
:
: ....I'm not really for the 8lgm concept completely, but at least
: there they don't feel this overwhelming need to not hurt the various
: manufacturers' feelings....
8lgm gives the vendor some "incentive" to correct the problem in a timely
manner, unlike CERT where the problem is reported only to the affected vendors.
We never hear a peep until (a) we find the same bug as a result of a break-in of
our site, or (b) CERT announces that the vendor (months/years later) has a fix
available. Sorry folks, I'll take (c) 8lgm (or equivalent) providing full
disclosure. The initial announcement means a scramble to disable/work around
the problem, but at least I know if my systems are vulnerable.
--
Jim Littlefield "I've got a bad feeling about this..." -- Han Solo
<little@hks.com>