Security Mailing Lists Come Under Fire | eWeek

Security Mailing Lists Come Under Fire

Écrit par
Dennis Fisher
Dennis Fisher
Mar 25, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A Danish security company, angry over what it perceives as censorship on several popular mailing lists, is launching “a revolution to remove SecurityFocus and CERT from power.”

At present, the revolution consists of a new mailing list that will aggregate vulnerability advisories and other security-related reports from a variety of sources. Employees of Secunia Ltd. will take advisories from these sources, research and verify them and then submit them to the new list.

The list, known as the Secunia Security Advisories List, is designed to compete with lists such as SecurityFocus BugTraq and to complement more open lists, including VulnWatch and Full-Disclosure, Secunia executives say. Company executives are upset with the direction that BugTraq has taken since Symantec Corp. acquired SecurityFocus last year.

“The problem with SecurityFocus is not that they moderate the lists, but the fact that they deliberately delay and partially censor the information,” said Thomas Kristensen, chief technology officer of Secunia, based in Copenhagen, Denmark. “Since they were acquired by Symantec, they changed their policy regarding BugTraq. Before they used to post everything to everybody at the same time. Now they protect the interests of Symantec, delay information and inform their customers in advance. This is a problem as only companies who pay over $30,000 can get access to this information.”

Unlike some other security lists, BugTraq is actively moderated and therefore not every submission makes it onto the list.

Full-Disclosure, for instance, is only lightly moderated, meaning that virtually all posts are approved and immediately sent to subscribers.

SecurityFocus officials did not respond to a request for comment on this story.

Secunia officials also take the CERT Coordination Center to task for its policy of providing some organizations with advance notice of vulnerability reports as part of a fee-based program in cooperation with the Internet Security Alliance.

“At Secunia we feel that SecurityFocus has betrayed the community it used to serve so loyally, thats why we started Secunia,” said Kristensen. “I believe that security information should be free, so that administrators can patch their systems and software developers can learn from the mistakes made by others.”

Secunia is a provider of security services and tools.

Latest Security News:

Search for more stories by Dennis Fisher.
Find white papers on security.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.