ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
Steven M. Bellovin
smb at research.att.com
Thu Feb 5 19:56:13 UTC 2004
In message <02e501c3ec1f$9a833fe0$020ba8c0 at NOTEBOOK>, "Rubens Kuhl Jr." writes:
>
>
>
>Isn't it curious that two unrelated issues have been reported to CheckPoint
>at the same day and the patches came out on the same day ?
>Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
>bugs and they agreed with ISS which date would be stated as notification to
>CP to make it appears that a quick response (two days) has been achieved on
>those issues ?
Why is that bad? I have no objection to giving vendors a reasonable
amount of time to fix problems before announcing the whole. Or is your
point that two days hardly seems like enough time to develop -- and
*test* -- a fix?
--Steve Bellovin, http://www.research.att.com/~smb
More information about the NANOG
mailing list