From: Alfred Huger (ah@securityfocus.com)
Date: Tue Jul 08 2003 - 18:39:15 EDT
Mark & all,
I think the points you make below are right on the mark (pardon the pun).
It's been very useful for me to be able to run through this list's
opinions to help clear my own position. Ultimately I do think this is an
issue, that of accountability versus unfettered ability to voice an
opinion regardless of your agenda. It's a very complicated problem
and not one that I am not capable of solving at least not with this list.
If a poster is unknown to the list or the list members it's important to
remember this when forming your opinion of their statements. I do actually
assume that the readers here are capable of doing this but this medium
becomes dulling after a while and people do (like it or not) often pick up
opinions on lists without seriously considering the source. Being at the
center of a large series of mailing lists myself and the other staff here
see it all the time. None of this of course sees me any closer to
resolving this issue. What I do not want to do is limit useful free
discussion. I also however do not want to provide a forum for people
to eviscerate competitors with no accountability to their motives.
When I lay everything out on the table the choices are not ideal. But I
think we may have been provided a reasonable if not ideal alternative.
When product reviews are sent to the list regardless of the source I can
tag them with the caveats Mark brings up in his post. They are quoted
below. Thoughts anyone? Ill be happy to discuss both to the list and
direct to me.
-Al
>
> A few simple rules of thumb when dealing with claims:
>
> 1) if you don't know and trust the reputation of the claimant,
> take such claims with a large grain of salt. This holds true
> for people posting using "real names" as well as nyms.
>
> 2) if you do know and trust the reputation of the claimant,
> it's up to you to decide whether to trust the claim as it stands,
> or to verify the claim to your own satisfaction. People who
> make decisions based on the former, voluntarily sidestepping
> the latter, should hold themselves, not the original claimant,
> to blame.
>
>
> If these rules aren't sufficient when dealing with vendors, "real
> names", and nyms, one wonders whether there has been some significant
> out-of-band noise generated by vendors over ceratin posts? And if
> so, could it be the anti-vendor list stance, and not the (until
> recently) nym-friendly list stance, that's at fault here?
>
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT