Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU Path: utzoo!decvax!bellcore!ulysses!ucbvax!info-vax From: charlie@ARI-HQ1 Newsgroups: mod.computers.vax Subject: Andy Goldstein's msg on the propriety of publishing VMS security flaws Message-ID: <8602012130.AA22237@ucbvax.berkeley.edu> Date: Thu, 30-Jan-86 08:08:00 EST Article-I.D.: ucbvax.8602012130.AA22237 Posted: Thu Jan 30 08:08:00 1986 Date-Received: Mon, 3-Feb-86 01:46:12 EST Sender: daemon@ucbvax.BERKELEY.EDU Reply-To: Organization: The ARPA Internet Lines: 20 Approved: info-vax@sri-kl.arpa I find it very useful to learn from INFO-VAX what security flaws others have discovered. That helps me know what to be on the lookout for in preserving the security of my system. Obviously, if there is a problem that ariese when a Unibus goes out of service, the hacker is going to be hard put to take advantage of it, but we can institute procedures at our site to prevent the problem or to mitigate its consequences. When I discover a serious problem, information on which can help a hacker, I will get in touch either directly with DEC or instead via the National Computer Security Center. I presume most users are bright enough and thoug and thoughtful enough to exercise good judgement as to what problems ought to be aired publicly and which ones ought to be discussed only in private. If DEC finds that publication of some particular security flaw is likely to generate problems from hackers, then let them mount an emergency program to fix that flaw, and let's get on with our regular business. Charlie Abzug Data Security Officer U.S. Army Research Institute ------