[linux-elitists] Security Vendor Cuts Ties With CERT
Wed Jan 29 03:32:41 PST 2003
January 28, 2003
Security Vendor Cuts Ties With CERT
By Dennis Fisher
A prominent U.K.-based security vendor well-known for finding dangerous
vulnerabilities in a variety of software said on Monday that it would
no longer work with the CERT Coordination Center after CERT personnel
gave advance notice of several new vulnerabilities to a software vendor
and some government officials.
Researchers at Next Generation Security Software Ltd. were angered
when a representative from a software vendor told them that CERT
had a policy of providing advance information on vulnerabilities
to some organizations and government agencies, which pay for this
privilege. Mark Litchfield, co-founder of NGS Software, said he was
unaware of the policy and was unhappy that CERT was collecting money
for research that his company had done. While he acknowledged that
CERT is a non-profit organization, Litchfield disputes its right to
charge for others' work.
IMHO, this violates an important trust relationship with the community,
and seems likely to lead to less reporting and coordination of security
I'm not sure how long CERT have been doing this, but there are other
organizations which also coordinate security issues and provide advance
information only to paying customers.