> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Kostas Georgiou
> Sent: 18 February 2005 09:44
> To: [log in to unmask]
> Subject: Re: Security Vulnerability
>
>
> On Fri, Feb 18, 2005 at 09:16:14AM -0000, Cornwall, LA (Linda) wrote:
>
> > I do not think this TB-SUPPORT list should be used for
> information on
> > specific vulnerabilities as anyone can examine the archive
> on the web,
> > also anyone can join without moderation I think by filling in their
> > e-mail address on the web and clickling the box. (I
> certainly was able
> > to join and got the e-mail back virtually instantly.)
>
> An open list is the best place for vulnerabilities i think if
> you want them to get fixed. By not posting them they don't
> magically go away especially since most of them aren't that
> hard to find. Keeping things private just gives you a false
> sense of security....
>
> Kostas
>
I don't agree. Up to now we have been quite lucky that we aren't all
that visible to people outside our own communities who may have
malicious intend. We cannot rely on that continuing to be the case. We
need to ensure that those who need to know about vulnerabilities get to
know about them so they can be fixed, but are not displayed to any
potential hacker until they are fixed.
Linda
|