[NOISE] Microsoft continues to mislead public about Windows security

David A Wagner daw at quito.CS.Berkeley.EDU
Fri Jan 12 01:09:25 PST 1996


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601100451.UAA13211 at infinity.c2.org>,
 <kolivet at alpha.c2.org> wrote:
> On Tue, 9 Jan 1996, Frank Willoughby wrote:
> > When a system is breached or a CERT Advisory is issued, this is a major
> > embarrassment for the company.
> 
> What are CERT's criteria for a bulletin to be issued?  Would the previously
> mentioned Windows NT and Windows 95 security bugs qualify?

CERT normally won't publish a security warning until the manufacturers
have fixed the bug & offered a patch.  So I doubt the Win95/NT bugs will
be announced by CERT tomorrow.

If you want to publish a bug, CERT is probably not the best place to go.
CERT often ends up sitting on bugs for ages, because nobody knows about
the hole, so nobody can pressure the vendors to fix 'em, so CERT refuses
to release a bulletin-- a vicious cycle.

IMHO, embarrassing public pressure often seems to be the quickest way to
get attention & fixes from uncooperative vendors...  But then again, that's
the old "full disclosure" (and "security through obscurity") debate(s).

- -- Dave "a believer in security through caffeine" Wagner
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPWugyoZzwIn1bdtAQFYrgGAyQhuXiFCK36qFdJzEw4PSp2f/oIvpoi+
8peJmKjle86aBlY20SGYQBQoactyKcza
=3NOo
-----END PGP SIGNATURE-----





