[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-elitists
Subject: [linux-elitists] Security Vendor Cuts Ties With CERT
From: James Morris <jmorris () intercode ! com ! au>
Date: 2003-01-29 11:32:41
[Download RAW message or body]
http://www.eweek.com/print_article/0,3668,a=36382,00.asp
January 28, 2003 Security Vendor Cuts Ties With CERT
By Dennis Fisher
A prominent U.K.-based security vendor well-known for finding dangerous
vulnerabilities in a variety of software said on Monday that it would
no longer work with the CERT Coordination Center after CERT personnel
gave advance notice of several new vulnerabilities to a software vendor
and some government officials.
Researchers at Next Generation Security Software Ltd. were angered
when a representative from a software vendor told them that CERT
had a policy of providing advance information on vulnerabilities
to some organizations and government agencies, which pay for this
privilege. Mark Litchfield, co-founder of NGS Software, said he was
unaware of the policy and was unhappy that CERT was collecting money
for research that his company had done. While he acknowledged that
CERT is a non-profit organization, Litchfield disputes its right to
charge for others' work.
[snip]
IMHO, this violates an important trust relationship with the community,
and seems likely to lead to less reporting and coordination of security
issues.
I'm not sure how long CERT have been doing this, but there are other
organizations which also coordinate security issues and provide advance
information only to paying customers.
- James
--
James Morris
<jmorris@intercode.com.au>
_______________________________________________
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic