From: batz (batsy@vapour.net)
Date: Wed May 29 2002 - 14:35:09 EDT
On Wed, 29 May 2002, David Litchfield wrote:
:This comment (and some which follow) indicate you've missed on of the key
:points. When the vendor does release a patch NGSSoftware will follow up with
:full details as normal. The VNA is not intended to replace our normally full
:advisory - it simply exists as an interim solution to 'help' ensure vendors
:release patches in a timely fsahion.
Aah, this wasn't clear to me and (evidently) many others. I'm sure it's
in there somewhere, but maybe you could emphasize it a bit more?
:By putting these checks in Typhon, which we've always done, we buy a week or
:two advantage over something like Nessus.
Indeed. I don't see how this process is even inconsistent with the full
disclosure approach. I have admittedly been more of an advocate than a
practitioner of full disclosure, but maybe someone could point out more
clearly how this will deprive the underground of its toys? ;)
Cheers,
-- batz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT