Accountability

Printable View

February 27th, 2002, 07:10 PM
KorpDeath

Accountability

Finally someone pushes for a standard way of reporting bugs and their corresponding fixes. This you have to read....

http://www.vnunet.com/News/1129464

So do you think this will help? :confused:
February 27th, 2002, 07:12 PM
gold eagle

If they all play along it will.
February 27th, 2002, 07:18 PM
KublaiKhan

It could work. And I dare say the Linux community would agree, for the most part.......but Microsoft? I don't think they will. They wouldn't go for something that would show the flaws in their products publicly.......it'd be bad for their image.
February 27th, 2002, 07:23 PM
KorpDeath

But if the IETF pushes it, do you think M$ will have a choice? I don't think they want to alienate themselves anymore than they already are....
February 27th, 2002, 07:29 PM
gold eagle

Hopefully they can get msoft to play along. If bill really does change his ways, who are we going to have to blame everything on? I guess oracle.
February 27th, 2002, 07:31 PM
KorpDeath

Or Apple????
February 27th, 2002, 07:47 PM
nabylbt

actually a standart is a great news... ms won't have much of a choice ...specially if the person discovering the bug/vul stands by that standard....
March 6th, 2002, 12:59 AM
souleman

Well, this is a kind of old thread, but I just saw this, and it was related.
http://www.secadministrator.com/Arti...rticleID=24321

Quote:

And I dare say the Linux community would agree, for the most part.......but Microsoft? I don't think they will.

Microsoft was actually a part of this. Kind of scarry thought, isn't it. I assume they probably wanted a mandatory 30 day vendor report, but they did have their say in all this.
March 6th, 2002, 01:28 AM
dking

thats more than "kind of scary" not only does the rvpd not want public diclosure for 30 days but gives extensions on that 30 days where the vendor is not skilled in

way scary
March 6th, 2002, 01:31 AM
dking

not skilled in security
March 6th, 2002, 01:38 AM
KorpDeath

Well then i guess M$ gets 60 days to disclose. Do you honestly think that it will take that long for someone to publish. I mean, I'm all for complying with RFC s (even though you can't ping my box) but someone will disclose the vulnerability before 60 days I'm sure.
March 6th, 2002, 01:39 AM
Shangrila

Well I think it's great in theory but like the rest of you I wonder how well it work in practice. Of course some will fight it but it will be great in the long run. I hope this does become a standard.
March 6th, 2002, 01:40 AM
gold eagle

meanwhile we are all vulnerable for those TWO months while the companies get legal cover?
joy.