Security Mailing Lists Come Under Fire
A Danish security company speaks out about what it perceives as censorship on several popular mailing lists.A Danish security company, angry over what it perceives as censorship on several popular mailing lists, is launching "a revolution to remove SecurityFocus and CERT from power." At present, the revolution consists of a new mailing list that will aggregate vulnerability advisories and other security-related reports from a variety of sources. Employees of Secunia Ltd. will take advisories from these sources, research and verify them and then submit them to the new list. The list, known as the Secunia Security Advisories List, is designed to compete with lists such as SecurityFocus BugTraq and to complement more open lists, including VulnWatch and Full-Disclosure, Secunia executives say. Company executives are upset with the direction that BugTraq has taken since Symantec Corp. acquired SecurityFocus last year.
"The problem with SecurityFocus is not that they moderate the lists, but the fact that they deliberately delay and partially censor the information," said Thomas Kristensen, chief technology officer of Secunia, based in Copenhagen, Denmark. "Since they were acquired by Symantec, they changed their policy regarding BugTraq. Before they used to post everything to everybody at the same time. Now they protect the interests of Symantec, delay information and inform their customers in advance. This is a problem as only companies who pay over $30,000 can get access to this information."
Find white papers on security.