North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1

  • From: Steven M. Bellovin
  • Date: Thu Feb 05 15:02:19 2004

In message <[email protected]>, "Rubens Kuhl Jr." writes:
>Isn't it curious that two unrelated issues have been reported to CheckPoint
>at the same day and the patches came out on the same day ?
>Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
>bugs and they agreed with ISS which date would be stated as notification to
>CP to make it appears that a quick response (two days) has been achieved on
>those issues ?

Why is that bad?  I have no objection to giving vendors a reasonable 
amount of time to fix problems before announcing the whole.  Or is your 
point that two days hardly seems like enough time to develop -- and 
*test* -- a fix?

		--Steve Bellovin,