[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Sendmail: If you haven't patched it yet..
- Subject: Re: [cobalt-security] Sendmail: If you haven't patched it yet..
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 5 Mar 2003 19:02:33 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> I do believe that you should give a company notice of a security problem
> with there software 1 month before releasing how to access the security
> problem..
> Then if it is not fixed by the company they are liable, if fixed by the
> company and, not the user the user should not be a system admin.
when you look at the ISS advisory you'll see the following:
<quote>
Vendor Notification Schedule:
Initial vendor notification: 1/13/2003
Initial vendor confirmation: 1/13/2003
Final release schedule confirmation: 1/31/2003
<unquote>
And as the news report it, the US Gestapo ... err ... Department of Homeland
Security had the entire matter it under tight wraps to make sure that
everyone had time to prepare their patches. This makes it even more
suspicious that Sun had no patches ready. Not even for Solaris!
--
With best regards,
Michael Stauber