Accountability
KorpDeath
February 27th, 2002, 07:10 PM
Finally someone pushes for a standard way of reporting bugs and their corresponding fixes. This you have to read....
http://www.vnunet.com/News/1129464
So do you think this will help? :confused:
gold eagle
February 27th, 2002, 07:12 PM
If they all play along it will.
KublaiKhan
February 27th, 2002, 07:18 PM
It could work. And I dare say the Linux community would agree, for the most part.......but Microsoft? I don't think they will. They wouldn't go for something that would show the flaws in their products publicly.......it'd be bad for their image.
KorpDeath
February 27th, 2002, 07:23 PM
But if the IETF pushes it, do you think M$ will have a choice? I don't think they want to alienate themselves any more than they already are....
gold eagle
February 27th, 2002, 07:29 PM
Hopefully they can get msoft to play along. If Bill really does change his ways, who are we going to have to blame everything on? I guess Oracle.
KorpDeath
February 27th, 2002, 07:31 PM
Or Apple????
nabylbt
February 27th, 2002, 07:47 PM
Actually a standard is great news... MS won't have much of a choice... especially if the person discovering the bug/vul stands by that standard....
souleman
March 6th, 2002, 12:59 AM
Well, this is a kind of old thread, but I just saw this, and it was related.
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=24321
"And I dare say the Linux community would agree, for the most part.......but Microsoft? I don't think they will."
Microsoft was actually a part of this. Kind of scary thought, isn't it? I assume they probably wanted a mandatory 30 day vendor report, but they did have their say in all this.
dking
March 6th, 2002, 01:28 AM
That's more than "kind of scary": not only does the rvpd not want public disclosure for 30 days but gives extensions on that 30 days where the vendor is not skilled in
way scary
dking
March 6th, 2002, 01:31 AM
not skilled in security
KorpDeath
March 6th, 2002, 01:38 AM
Well then I guess M$ gets 60 days to disclose. Do you honestly think that it will take that long for someone to publish? I mean, I'm all for complying with RFCs (even though you can't ping my box) but someone will disclose the vulnerability before 60 days I'm sure.
Shangrila
March 6th, 2002, 01:39 AM
Well I think it's great in theory but like the rest of you I wonder how well it will work in practice. Of course some will fight it but it will be great in the long run. I hope this does become a standard.
gold eagle
March 6th, 2002, 01:40 AM
meanwhile we are all vulnerable for those TWO months while the companies get legal cover?
joy.