Wednesday, January 07, 2009

Verisign's Big Takeaway (And Pigs Need Wings, Too)

How unsuprising is Tim Callan's "big takeway" for anyone that has had experience on the disclosure front either inside a vendor or as a finder:

The big takeaway for me from this incident is that we need an environment where researchers and security vendors can trust each other. Alexander has explained why his team did not feel they could place that trust in VeriSign. I have explained why I feel they could have. We at VeriSign would like to see an environment where researchers need not mistrust security vendors and vice versa. We're committed to doing our part to bring back that environment, and we encourage security researchers in the future to reach out directly to us. We promise to treat you fairly and respectfully.

Yup, we'll see when that happens.

No comments: