[SCADASEC] Implications of SuiteLink's flaw

southworthrg at bigpond.com southworthrg at bigpond.com
Mon May 12 19:49:23 CDT 2008


Hi Jake,

Maybe this is happening already between Subject Matter Experts? 

It is a hornet's nest dealing with all the various points of view and sensitivities, but it is resolvable.



Ron 
 
---- Matthew Franz <mdfranz at gmail.com> wrote: 
> Jake,
> 
> I'll bite off a tiny piece..
> 
> A serious question (not only for you but for others on the list) is
> what hat color do the folks at CORE wear?
> 
> How about Digital Bond? IT Security Vendors? Control System vendors? DoE Labs?
> 
> What you are talking about is pre-disclosure. It might be
> pre-disclosure before or after a fix, but in order for
> 
> Not only do different vendors have opinions/policies of pre-disclosure
> but so do the national CERTs, so this is no small hornet's nest..
> 
> - mdf
> 
> >  Look, we have Black Hats, Grey Hats, and White Hats.  What I envision is
> >  a group of Control Systems White Hats who will discuss the ramifications
> >  and defenses among the community in relative confidentiality.  I can't
> >  control the Black Hats.  But I have no desire to hand them any more
> >  information than they deserve.  Thus far, most of the papers in Black
> >  Hat conferences are relatively ignorant and benign.  I don't care to
> >  speculate how long that situation will stay that way.
> >
> >  If we don't attempt to form this group, the White Hats will have no
> >  other place to turn to.  We'll simply have to expose all SCADA systems
> >  publicly.  That will make for some very busy, unstable SCADA patching
> >  --or at the very least it will make SCADA systems very isolated and
> >  difficult to communicate with.
> 



