Someone in ISS must have had his feathers ruffled by the BIND incident in mid-November. Guess what? They have now changed their disclosure policy to what the rest of the world had agreed was A Good Thing(tm) a few years ago.
If you read the PR blurb you will notice that nowhere can you find mention of an apology with respect to their behaviour with the BIND vulnerability disclosure nor is the previous policy mentioned. Did they actually have one? Or was it "who cares as long as we get the PR"? They go on and on about "responsibility" and how marvellous their new guidelines are.
Let us continue to propagate the "security people are all egocentric selfish showoffs who are unable to admit their mistakes", it really really helps with the credibility of the industry as a whole.
Posted by arrigo at December 4, 2002 06:18 PM