KevinO wrote:
>
> Will Bugtraq ever be the same ?
I don't have any love for Symantec (or respect for that matter), but
they'd have to be really st00pid to mess with Bugtraq, et. al. and
alienate the entire private security community, as well as a lot of the
commercial folks.
I can't help but wonder why they decided to buy SF though (perhaps
that's why I'm not a stinkin' rich sociopathic businessperson...) Why
buy something then destroy its value, unless you're MS babyguarding your
monopoly? I guess we wait and see what happens.
Steve
>
> -------- Original Message --------
> Subject: Administrivia: Symantec acquiring SecurityFocus
> Date: Wed, 17 Jul 2002 15:27:54 -0600
> From: aleph1@securityfocus.com
> To: bugtraq@securityfocus.com
>
> Good day,
>
> Today, SecurityFocus and Symantec announced that Symantec is acquiring
> SecurityFocus. Symantec sees real value in the services SecurityFocus
> provides to its customers and believes they are an excellent fit with
> their current offerings. We at SecurityFocus see this as an opportunity to
> provide even better services for the security community.
>
> Symantec recognizes the value and uniqueness of the public services
> SecurityFocus provides to the community, such as the numerous mailing
> lists we host and the content we provide via the SecurityFocus Online web
> site.
>
> In particular, Symantec and SecurityFocus want to ease any fears as to
> whether the character of this mailing list will change.
>
> Frequently Asked Questions:
>
> Q. What is the Symantec strategy for keeping data sources?
>
> A. We believe it is critical to maintain the integrity of the existing
> security community currently part of the SecurityFocus portal and
> Bugtraq mailing list.
>
> Q. What is Symantec's disclosure policy?
>
> A. Symantec believes in responsible vulnerability disclosure and is active
> in initiatives to set best practices in this area. Our first priority
> is to help our customers protect their computing assets by providing
> tools and information to safeguard their systems.
>
> We will work with vendors, if we discover vulnerabilities in other
> products, to report and investigate the issue in a thorough and timely
> fashion, in the same way that Symantec will work with other security
> researchers if they find an issue with any Symantec technology.
>
> We observe a 30-day grace period after the notification of a security
> advisory to give users an opportunity to apply the patch. During this
> grace period, we provide our customers significant information about
> the vulnerability and the fix, but not step-by-step instructions for
> exploiting the vulnerability. We do not provide detailed exploit code
> or provide samples of malicious code except to other trusted security
> researchers and in a secured manner.
>
> Q. Will Symantec change SecurityFocus' vulnerability reporting policy?
>
> A. We believe that in order for the SecurityFocus/Bugtraq community to be
> effective, it must be an independent entity. We believe that its
> current disclosure policy is appropriate for the venue. Symantec will
> continue to operate with its separate disclosure policy.
>
> Sincerly,
> Elias Levy, David Ahmad,
> and the rest of the SecurityFocus staff
>
> --
> KevinO
>
> Matz's Law:
> A conclusion is the place where you got tired of thinking.
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)