From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 14:39:21 EDT
On Tue, 8 Jul 2003, Keith T. Morgan wrote:
>
> > No, I was dead serious. People who use this list to attack other
> > people under the veil of anonymity with the *sole* purpose of
> > devaluing their product or service will get axed. I see no place for
> > the here and it violates the spirit of this entire site and its lists.
> > Having said that Ive never actually axed anyone from all of our lists
> > .
>
> That's good. However, I think you have a real challenge in front of you
> attempting to determine motives. Any vulnerability announcement would
> seem to have a "devaluing" effect on a product or service. I also think
> that unsubscribing a list member would have little effect.
> Resubscribing under another email address takes all of ten minutes.
Vulnerabilities live on Bugtraq or other such like lists and are in no way
governed by this policy.
>
> I also feel that some level of anonymity should be in place to protect
> posters from vendors. I'm not saying that folks should be able to post
> libelous statements, but is that the moderator's place to decide?
> What's libelous, what's true, what's untrue, what's real and unreal?
No, it's not. It is my place though to consider both parties and doing my
best to keep it honest. I think accountability goes a long way for this.
Again this is about product reviews not vuln disclosure.
>
> Historically the list has done a pretty good job of policing itself in
> these types of situations. Bogus postings are quickly identified as
> such, bad information is quickly debunked in replies.
Yes it does but I've also typically dropped most product queries because
of the issues I've already mentioned.
Alfred Huger
Symantec Corp.
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT