| |||||||||||||
Quotes of the weekQuotes of the weekPosted Jul 28, 2008 3:57 UTC (Mon) by JoeBuck (subscriber, #2330)In reply to: Quotes of the week by zooko Parent article: Quotes of the week Viro makes an interesting charge: Going to vendor-sec is a mistake I won't repeat any time soon and I would strongly recommend everybody else to stay the hell away from that morass. It creates inexcusable delays, bounds you to confidentiality and, let's face it, happens to be the prime infiltration target for zero-day exploit traders.
(Log in to post comments)
Quotes of the week Posted Jul 29, 2008 2:39 UTC (Tue) by roelofs (guest, #2599) [Link] Viro makes an interesting charge:
Going to vendor-sec is a mistake I won't repeat any time soon and I would strongly recommend everybody else to stay the hell away from that morass. It creates inexcusable delays, bounds you to confidentiality and, let's face it, happens to be the prime infiltration target for zero-day exploit traders. Which part do you see as the charge, or do you mean the whole thing? It certainly creates delays, but I don't think that's a surprise to any of us. It's also unquestionably a prime infiltration target, but that doesn't imply anyone has yet succeeded in doing so; we ("most of us") simply don't know. Finally, he claims vendor-sec binds you to confidentiality, but that's only if you (and/or your employer) allow it; you (or your employer) can also choose to contact them in write-only fashion, provide a disclosure date, and leave it at that. Without a written and mutually-agreed-to contract, what obligation do you have beyond those of basic courtesy/altruism/etc.? IANAL, but I don't think shrinkwrap provisions would have legal force even if they attempted it, and AFAIK, they haven't attempted it. Greg
|
|||||||||||||