From: Gene Spafford <spaf@cs.purdue.edu> Date: Thu, 28 Apr 94 11:00:07 -0500 Subject: Re: UnixWare I've had several people tell me that HP has gotten better recently. I would have mentioned them as good examples, except: 1) I have not seen them make any security patch announcements to any of the established security-related newsgroups or mailing lists. They have, but they seem to vary. Sometimes it's in comp.security.unix, other times it's in comp.sys.hp.whatever. This needs to be standardized. At some point in the past, someone at HP established a mailing list (much like Sun's Customer Warning System) to receive all those announcements. I got added to the list right away; I have *never* received anything from it. 2) HP does not have a member or liason in FIRST, nor have they had any presence at any of the incident response workshops. Nor do they distribute their announcements to CERT/CIAC/FIRST/etc. redistribution through those mailing lists. I think HP *is* getting better. But they've got a ways to go. --Dave