Re: Hacker Emergency Response Team
On Fri, Jan 08, 1999 at 11:29:33AM +0100, Anthony C . Zboralski wrote:
> We have just started the Hacker Emergency Response Team as a
> better alternative to CERT.
I would realy like to see that the critic against cert is based on a
somewhat less offensive base:
# A majority of people think CERT is doing a brilliant job, but when you
# examine CERT more closely, one could believe CERT is a bit corrupted.
There are not much PPL who criticise CERT for beeing corrupt.
CERT has of course a lot of multiple vulerability reports. Each lame
Sendmail x.x.x is a report and therefore one bulletin is enough for it.
CERT wont announce vulnerabilities which are not fixed, thats the policy. If
you dont like it you have full disclosoure lists.
# We decided to create HERT, when system administrators of highly sensitive US
# networks informed us that they were supplied with official vendor patches
# months before public announcement were made by vendors, CERT or
# full-disclosure mailing lists like Bugtraq.
Oh thats good new... never ever saw that (expect for OpenBSD Bugfixes)
I think it is a good idea to have a moderated full disclosure Center,
which HERT could be... but if you attack existing organisations which do a
real good job, you dont get much friends on the net.
Greetings
Bernd
Reply to: