North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Cisco IOS Exploit Cover Up

  • From: Hannigan, Martin
  • Date: Thu Jul 28 00:23:53 2005

> ..and of course:
> 
> "Cisco Denies Router Vulnerability Claims"
> 
> [snip]


Of course. That's how a broken vuln system works. :-)

The major flaw is that the vendor decides who gets to know
about a vulnerability. This causes an insecurity in "the system"
because $vendor is dealing with people usually more qualified than
themselves to make a decision on who needs to know and make one
independant of revenue<-- .

$vendor is probably not the best person to decide who
gets on the secret-15 lists et. al.

-M<