> > >2) HP does not have a member or liason in FIRST, nor have they had > >any presence at any of the incident response workshops. > > Considering CERT's amazing lack of contribution to improving security, I > consider this a sign of HP's good faith. Some folks want to see security > bugs fixed, not lovingly preserved for the amusement of future generations. This not only evidences ignorance of what FIRST is all about, but is insulting to the two dozen+ other groups in the organization. It also display ignorance about CERT's mission, and about the contributions that they actually have made to security. (Although people conveniently forget them.) Many of us in FIRST groups (myself included) disagree with the way CERT handles some things. But we are all committed to improving the security posture of our constituents. Sun, DEC, Motorola, Apple and Honeywell are all FIRST members, for instance, and I think that is a display of concern for their customers and users. Why aren't HP, SGI and IBM in that list? I doubt it has anything to do with "good faith". --spaf