[Dshield] MS again

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Sun Oct 16 18:42:29 GMT 2005


On Fri, 14 Oct 2005 22:45:23 +0200, Tony Earnshaw said:
> With due respect, SANS at RISK (The SANS Institute
> <ConsensusSecurityVulnerabilityAlert at sans.org>) has it again:
> 
> "This was such a huge week for critical new vulnerabilities (thanks
> mainly to Microsoft) that it took an extra day to gather all the data
> on what to do about the vulnerabilities."
> 
> [...]
> 
> So where is CERT?

They may still play a role in incident coordination, but as far as 4-5 years
ago, the best way to describe CERT's advisory-issuing function is "mostly
irrelevant". The biggest problem is that due to their "wait till patches are
available before saying anything" policy, you don't hear anything during the
time when a vulnerability is known and a exploit is circulating....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20051016/3851bd35/attachment.bin


More information about the list mailing list