Message-ID: <Pine.GSO.4.64.1103031639370.11138@faron.mitre.org>
Date: Thu, 3 Mar 2011 16:44:26 -0500 (EST)
From: "Steven M. Christey" <coley@...-smtp.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Vendor-sec hosting and future of closed lists


On Thu, 3 Mar 2011, Kees Cook wrote:

> This certainly underscores that very few flaws need vendor-sec
> coordination, but I would suspect that out of those roughly 725 flaws,
> many of the really critical ones came through vendor-sec.

As an outsider with limited visibility into vendor-sec, this would be my 
impression too.  I would imagine that things like major protocol design 
flaws or critical, hard-to-fix bugs in popular software would still need 
coordination across multiple parties with a need for non-disclosure for a 
relatively long period of time.  Maybe vendor-sec-2 could handle that 
need.

- Steve
