[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.d ll"Remote Code Exe cution Exploit

John B. Holmblad jholmblad at aol.com
Thu Aug 18 18:23:00 GMT 2005


Valdis,

I agree that ethics are not necessarily clear cut.

Here is an idea: put laws on the books which require software 
"producers" to respond with a viable fix plan  to notification from law 
enforcement that they have an unpatched vulnerability with an exploit 
available. And at the same time make it legally safe for  producers of 
POC code to submit such code to (and only to) law enforcement and 
encourage such submission (kind of like a so-called "whistleblower"). 
This may be harder to achieve in the U.S. which is more corporate 
friendly than most of the rest of the world but in the EU it might be 
easier to pass such legislation despite the "heat" that would surley 
come from the aofresaid software producers, Microsoft included. In the 
U.S. there is precedent for this kind of imposition of order on the  
free market  with the Occupational Safety and Health Administration 
(OSHA) legislation that requires minimum standards of workplace safety 
and healthfulness. Why not do the same for telecommunications safety 
including the Internet?

-- 
Best Regards,

John Holmblad

Televerage International
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net



More information about the list mailing list