I think that if it controls the media fuzz that surrounds vulnerability disclosure then it is a good thing. If it means that the media only goes abuzz when things are serious can only be a good thing, but then again the media will always find a way to get information won’t they? I mean if it’s not “wow buzz bizz shazam!” then they won’t bother printing anything about it.. “MS Office Macro Virus!”
I’m glad that Kaminksy acknowledged the irony of the situation, because I can’t help but feel that the DNS thing, while serious, was a perfect example of media hype outweighing real risk.
I hope that the “council” (high council? supreme council? overlords? whatever) are a nice diverse slice of the industry though, because obviously weaknesses discovered in browsers will always have a larger impact upon business that rely on the Internet as a channel, as opposed to companies that don’t.
If it is setup with a global focus and not manned by US glory boys only then this may have some potential. Put it out to each continent for representation and it may do a little bit of good. Ignore people like NZ, Oz and others like that and it will go nowhere as a worthwhile representative body.
Selective “glory boys” to make calls on this?! Why would u want to be involved? I think you know that with the recent SafeCode or whatver and other ’save the world’groups!
I think that if it controls the media fuzz that surrounds vulnerability disclosure then it is a good thing. If it means that the media only goes abuzz when things are serious can only be a good thing, but then again the media will always find a way to get information won’t they? I mean if it’s not “wow buzz bizz shazam!” then they won’t bother printing anything about it.. “MS Office Macro Virus!”
I’m glad that Kaminksy acknowledged the irony of the situation, because I can’t help but feel that the DNS thing, while serious, was a perfect example of media hype outweighing real risk.
I hope that the “council” (high council? supreme council? overlords? whatever) are a nice diverse slice of the industry though, because obviously weaknesses discovered in browsers will always have a larger impact upon business that rely on the Internet as a channel, as opposed to companies that don’t.
-C
K, am confused. Is this not what CVSS gives us?
CVSS http://nvd.nist.gov/cvss.cfm
DNS flaw:
http://web.nvd.nist.gov/view/vuln/detail?execution=e2s1
If it is setup with a global focus and not manned by US glory boys only then this may have some potential. Put it out to each continent for representation and it may do a little bit of good. Ignore people like NZ, Oz and others like that and it will go nowhere as a worthwhile representative body.
Selective “glory boys” to make calls on this?! Why would u want to be involved? I think you know that with the recent SafeCode or whatver and other ’save the world’groups!