On Tue, 1 Aug 2006 secure@xxxxxxxxxxxx wrote: > Symantec has posted a Security Advisory for Symantec On-Demand Protection. > PLease see the advisory for complete information: > > http://www.symantec.com/avcenter/security/Content/2006.08.01a.html This Symantec posting contains minimal security information. In December 2000[1] @stake modified their Bugtraq postings to include a small amount of security information and a link back to the @stake website where the full advisory resided. The intention was to have a bit more control over the way people viewed the advisories. They would be viewed on the @stake website only and not serve as content for for-profit advertising supported websites. The advisory could also be updated if there were errors or updates and it would serve as the canonical reference. Elias Levy, the Bugtraq moderator at the time, rejected the posting on the grounds that it contained minimal security information. His reasoning was that forcing people to go to an additional website was inconvenient and that if the advisory website ever went away the original advisory would be lost. He had a good point and @stake changed back to the old format. One of the ironies of the security world is Symantec purchased SecurityFocus and then later @stake. After purchasing @stake, Symantec removed the @stake advisory archive, thus bringing Elias' fear to reality. Elias' reasoning still holds true today. Companies come and go, are acquired or change course. Symantec should post its full advisories to the list and so should everyone else. -Chris 1. Bugtraq: Administrivia & AOL IM Advisory, http://seclists.org/bugtraq/2000/Dec/0197.html
