Re: Security through obscurity, etc.

Jim Littlefield (little@ragnarok.hks.com)
Wed, 14 Dec 1994 08:17:22 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: hoodr@hoodr.slip.netcom.com: "Re: this is interesting..."
Previous message: hoodr@hoodr.slip.netcom.com: "Re: this is interesting..."
Maybe in reply to: That Whispering Wolf...: "Security through obscurity, etc."
Next in thread: der Mouse: "Re: Security through obscurity, etc."

On Dec 13,  9:04am, James M. Chacon wrote:
:
: ....I'm not really for the 8lgm concept completely, but at least
: there they don't feel this overwhelming need to not hurt the various
: manufacturers feelings....

8lgm gives the vendor some "incentive" to correct the problem in a timely
manner, unlike CERT where the problem is reported only to the affected vendors.
We never hear a peep until (a) we find the same bug as a result of a breakin of
our site, or (b) CERT announces that the vendor (months/years later) has a fix
available. Sorry folks, I'll take (c) 8lgm (or equivalent) providing full
disclosure. The initial announcement means a scramble to disable/work around
the problem, but at least I know if my systems are vulnerable.

-- 

Jim Littlefield             "I've got a bad feeling about this..." -- Han Solo
<little@hks.com>

Next message: hoodr@hoodr.slip.netcom.com: "Re: this is interesting..."
Previous message: hoodr@hoodr.slip.netcom.com: "Re: this is interesting..."
Maybe in reply to: That Whispering Wolf...: "Security through obscurity, etc."
Next in thread: der Mouse: "Re: Security through obscurity, etc."