RE: Product review postings (was Administrivia)

From: James Stibbards (jstibbar@cigital.com)
Date: Wed Jul 09 2003 - 11:41:31 EDT


*de-lurk*

Martyn, that sounds reasonable, except for the part about all the
extra work involved, certainly for the moderator. I don't think it's
practical to have an out-of-band submittal mechanism for "full and
complete support for the point/issue being made". I like the intent,
but not the resulting process burden.

I think the practical solution is to let people post anonymously, and
let us consumers regard the source as reliable/or not and the content
as useful/or not, based on our needs at the time.

Regards,
- James

James W. Stibbards
Sr. Security Consultant, Cigital, Inc.
email: jstibbards@cigital.com
phone: (703) 404-5750

-----Original Message-----
From: martyn.a.roberts@bt.com [mailto:martyn.a.roberts@bt.com]
Sent: Wednesday, July 09, 2003 5:02 AM
To: ah@securityfocus.com
Cc: pen-test@securityfocus.com
Subject: RE: Product review postings (was Administrivia)

Hi,

From a regular reader but an infrequent poster.

I see some of the issues with allowing anonymous posts/reviews as well as
some of the losses that may arise from not permitting them.

Could not some of the problems be overcome by something similar to the
following:

Anonymous posts are allowed only if full and complete support for the
point/issue being made also has to be submitted. If full and complete proof
cannot be supplied. Say for example it is a case where you must do A whilst
watching B. In this case the details to reproduce this behaviour (as is
published in peer reviewed journals) must be supplied. Then the moderator if
they have time (not likely in most cases I know) can test/check or maybe
post a message (I have a report that X has an issue, I need help to confirm
this, non-anonymous help is requested, the following equipment is needed for
this task ...)
After a successful confirmation the original issue can be posted.

The above would help in that we would still have access to information that
a person (for work, financial whatever reasons) wishes to disown, but that
has an extra (but not too onerous) work effort and so hopefully will not be
trivially abused and has also been shown to be true.

Maybe things like the anonymous poster also needing to supply to the
moderator an email contact that remains anonymous but that is used for
correspondence. This may well generate too much work for the moderator
(comments Al.)

Cheers,
M.

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, and distributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT