Michael Neuman wrote: > >> From spaf@cs.purdue.edu Wed Apr 27 11:52:25 1994 > >> If you are going to direct criticism, direct it where it >> belongs -- at vendors (and at customers who blindly buy the crap some >> vendors put out). > > I'd agree with you EXCEPT I wasn't suggesting CERT should "fix the >bugs faster" as you imply. I'm complaining that they get a report of >a hole, pass it on to the vendors, and that's it. As I said above, I'd >much rather shut down some functionality on my system and wait for >a patch then leave my systems wide open. This is not a criticism of >CERT per se, but just the systems we have in place in general. If CERT >doesn't want this task of sending out advisories that look like, "There's >a problem in rdist, shut it down completely until a patch is available or >else..." than someone else should. > And the added pressure on the vendors by making these things public sooner might help to light a fire under them to get their code cleaned up, which would be a big plus for all of us. -- Ron McDowell - Dell Computer Corp., 512-728-3570 rcm@bullwinkle.us.dell.com "Hey Rocky, watch me pull a rabbit outta my hat!"