[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] A funny (but real) story for XMAS
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] A funny (but real) story for XMAS
- From: Cael Abal <lists@onryou.com>
- Date: Tue, 16 Dec 2003 08:58:20 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
|> "Join www.osvdb.org to make a better non-corporated vulnerability
|> database since CERT sucks ! "
|
| CERT sucks? Humm... In my UNIX & Security college course, we're being
| told CERT is a great resource for security-related information. Can
| anybody else make a comment on this? Agree? Disagree?
Hi Chris,
Depends on which side of the fence you're on. CERT has been criticized
in the past for being frugal with vulnerability information. They don't
publish exploits, for one, which means k1ddi3z prefer FD. :)
I remember CERT taking some flack about their Vulnerability Catalog
becoming available by subscription a few years ago. Here's an article:
http://linuxtoday.com/security/2001042600220SCLF
Oh, and here's a link to the fees:
http://www.isalliance.org/nam/index2.htm
It seems that this database is what the people at http://www.osvdb.org
are up in arms over. Interesting idea, their database is a little
barren at the moment though.
Additionally, one of CERT's security analysts was arrested for
pedophilia-related crimes a few months ago. Folks who don't like CERT
gloated for weeks.
http://www.pittsburghlive.com/x/tribune-review/news/s_160861.html
Realistically, CERT is a valuable resource, regardless.
C
PS: I have no interest in getting into a flamewar over CERT,
disclosure, or pedophilia. Thanks in advance.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQE/3w97R2vQ2HfQHfsRAtuOAJ98J3iOL7EwwI4h2x1ECodzGwtshwCcCMX3
dIufrfrWfNbrdBix4/XYKDE=
=E/La
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html