* on the Thu, Nov 11, 2010 at 11:17:43AM +0100, JIm Romaguera wrote:
> Seriously, cert authorities have often delayed "outing" security holes from buggy software/hardware manufacturers until they have time to patch the bug. This has taken sometimes a very long time.
Indeed. This (and the NDA) is why I normally directly contact any other involved organization directly, without contacting cert. And, in case of security holes, go to bugtraq if nothing happens.
> How come then that a "maybe" malware infected site (read the previous poster's comments - one man's malware is another man's security protection service) has no real time to react and is effectively "nuked"?
Honeypots?
Anyway, as I see it, the whole thing adheres to the usual "the opposite of good is well-meant" approach. That, and it illustrates of course a very bad tendency of having the administration writing laws (well, technically not a "law", but close enough).
Cheers
Seegras