Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!cica!iuvax!mailrus!ncar!ames!pacbell!hoptoad!capmkt!brent
From: brent@capmkt.COM (Brent Chapman)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Worm report fails to address the problem
Message-ID: <338@capmkt.COM>
Date: 27 Jul 89 21:33:55 GMT
References: <8907211627.aa28013@note.nsf.gov> <8136@hoptoad.uucp> <18814@usc.edu>
Organization: Capital Market Technology, Inc.; Berkeley, CA
Lines: 29

tli@sargas.usc.edu (Tony Li) writes:
>In article <8136@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes:
>    ...
>    and CERT seems to be following the NSA model (all information flows
>    inward).
>
>I think that this is most unfair, especially in light of the message
>which was sent to the sun-managers list today.

Yes, they finally sent it out.  I was informed of it (through other
channels) and fixed it on my systems over a month ago.  I'm not
particularly well-connected in the security community; CERT must surely
have learned of the problem before I did.  Why did they take so long to
get the word out?  Does CERT have a formal policy of sitting on a
security problem for some period of time before releasing it to the
"general public"?  What _is_ CERT's charter and policy?

Before anyone starts flaming here, note that I'm not criticizing CERT
(yet); I don't know enough about them.  I'm asking for information about
them, so that I can form an informed opinion about them.

-Brent
--
Brent Chapman                           Capital Market Technology, Inc.
Computer Operations Manager             1995 University Ave., Suite 390
brent@capmkt.com                        Berkeley, CA  94704
{apple,lll-tis,uunet}!capmkt!brent      Phone:  415/540-6400