Message-ID: <Pine.GSO.4.64.1103031639370.11138@faron.mitre.org>
Date: Thu, 3 Mar 2011 16:44:26 -0500 (EST)
From: "Steven M. Christey" <coley@...-smtp.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Vendor-sec hosting and future of closed lists

On Thu, 3 Mar 2011, Kees Cook wrote:

> This certainly underscores that very few flaws need vendor-sec
> coordination, but I would suspect that out of those roughly 725 flaws,
> many of the really critical ones came through vendor-sec.

As an outsider with limited visibility into vendor-sec, this would be my
impression too. I would imagine that things like major protocol design
flaws or critical, hard-to-fix bugs in popular software would still need
coordination across multiple parties with a need for non-disclosure for a
relatively long period of time. Maybe vendor-sec-2 could handle that
need.

- Steve