Comments on: Spin Spin Spin http://www.eire.com/2005/spin-spin-spin/ Government, Infrastructure, Business Mon, 07 Nov 2011 07:06:19 +0000 hourly 1 By: Administrator http://www.eire.com/2005/spin-spin-spin/comment-page-1/#comment-16463 Administrator Thu, 04 Aug 2005 10:28:52 +0000 http://www.eire.com/?p=179#comment-16463 You mean ... if he's recruited by a blackhat operation ...! Maybe it's not his next employing manager, but what happens when anybody runs a security check on him? This dumb stuff will be what comes up. He'll have to explain the whole story again and again forever. The ol' 'full disclosure' issue is certainly like an old friend. You mean … if he’s recruited by a blackhat operation …!

Maybe it’s not his next employing manager, but what happens when anybody runs a security check on him? This dumb stuff will be what comes up. He’ll have to explain the whole story again and again forever.

The ol’ ‘full disclosure’ issue is certainly like an old friend.

]]> By: Justin http://www.eire.com/2005/spin-spin-spin/comment-page-1/#comment-16338 Justin Mon, 01 Aug 2005 18:49:19 +0000 http://www.eire.com/?p=179#comment-16338 I think you're overestimating the effects of BusinessWeek on prospective employers; IMO, Lynn won't be dealing with the kind of company where someone who gets all their tech news from BusinessWeek without questioning it, gets a look in on hiring decisions like that. He's already made his name as a great security researcher -- especially since all the facts seem to indicate that Cisco are doing this in an attempt at spin control, the bug has been fixed in packages released 3 months ago, and the vulnerability deserves exposure now. BTW, I find it interesting to see the "full disclosure" argument playing out again, more than ten years since it cropped up first with the creation of the bugtraq mailing list. That happened in response to CERT's secrecy in the face of active use of undisclosed holes by black-hats, iirc. I think you’re overestimating the effects of BusinessWeek on prospective employers; IMO, Lynn won’t be dealing with the kind of company where someone who gets all their tech news from BusinessWeek without questioning it, gets a look in on hiring decisions like that. He’s already made his name as a great security researcher — especially since all the facts seem to indicate that Cisco are doing this in an attempt at spin control, the bug has been fixed in packages released 3 months ago, and the vulnerability deserves exposure now.

BTW, I find it interesting to see the “full disclosure” argument playing out again, more than ten years since it cropped up first with the creation of the bugtraq mailing list. That happened in response to CERT’s secrecy in the face of active use of undisclosed holes by black-hats, iirc.

]]>