[linux-elitists] Security Vendor Cuts Ties With CERT

James Morris jmorris@intercode.com.au
Wed Jan 29 03:32:41 PST 2003


  January 28, 2003 Security Vendor Cuts Ties With CERT

  By Dennis Fisher

  A prominent U.K.-based security vendor well-known for finding dangerous
  vulnerabilities in a variety of software said on Monday that it would
  no longer work with the CERT Coordination Center after CERT personnel
  gave advance notice of several new vulnerabilities to a software vendor
  and some government officials.

  Researchers at Next Generation Security Software Ltd. were angered
  when a representative from a software vendor told them that CERT
  had a policy of providing advance information on vulnerabilities
  to some organizations and government agencies, which pay for this
  privilege. Mark Litchfield, co-founder of NGS Software, said he was
  unaware of the policy and was unhappy that CERT was collecting money
  for research that his company had done. While he acknowledged that
  CERT is a non-profit organization, Litchfield disputes its right to
  charge for others' work.


IMHO, this violates an important trust relationship with the community,
and seems likely to lead to less reporting and coordination of security

I'm not sure how long CERT have been doing this, but there are other
organizations which also coordinate security issues and provide advance
information only to paying customers.

- James
James Morris
