On Fri, 24 Oct 2008 00:01:23 BST, n3td3v said: > are done. And in times of need, force people to work with each other > even if they don't really want to. Maybe the forcing people to > collaborate is a good thing at critical times, but you don't need a > whole US-CERT for that, it just takes a couple of independant folks to > do that, out there in the community when it becomes apparent when > action with multi-vendors, governments is required. You *do* in fact need "a whole US-CERT" to force people to collaborate. There's a *very* short list of "a couple of independent folks" who can get things to happen just on their own personal credibility - and they're usually already totally overcommitted during these sorts of crises. How many machines got patched for Dan Kaminsky's DNS issue because US-CERT said "Patch it or else"? And then how many machines got patched because Paul Vixie said "You really need to patch it"? And there's always the issue that if it's just some random people, they might all be off on vacation when things hit the fan - if it's an organized agency, there's somebody to make sure that there's adequate coverage all the time. Yes, somebody needs to work the week between Christmas and New Year's - and that implies a boss who will make sure that happens. > white hats if another white hat doesn't agree with something. But > people like valdis will still call me names, but he is probably a > republican, so who cares. You obviously haven't been paying attention.
Attachment:
pgpskjCOfVJi9.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/