[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    CERT Bashing, etc
From:       Aleph One <aleph1 () dfw ! net>
Date:       1996-12-19 18:40:00
[Download RAW message or body]

   I am cutting this thread here. BugTraq is not a forum to bash CERT or
discuss their policies. But before I let it go a final thought to think
over. People don't have to post to this list. If they do so it's for the
good of the community. Even groups like SOD that publish exploits every
week. They could just as well post their exploits to some underground
hacker board and let all those HPUX boxes on the net get broken into.
Instead they post them here. Where everyone, including HP, can see them.
Don't kill the messenger as they day.

   It seem people have forgotten what quality software is. We no longer
find the software vendors at fault for providing broken software. Instead
we blame it on those that bring the holes to light. How many more holes
should SOD, or Yuri, or anyone with some free time, post to this list
before you go screaming at your vendor you want your money back? It's not
rocket science. Almost every single vulnerability found fits nicely in one
of few categories. Its not that difficult to check for them before sending
a product to the cd burner.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

[prev in list] [next in list] [prev in thread] [next in thread]