Puzzle of the Day
Dr. Roger Moore directs the Vulnerabilities Project in the Computer
Security Corporation. Dr. Moore is nicknamed "007" by his managerial
colleagues, because of his ability to get things done; but he's not very
knowledgeable technically, which led his technical staff to nickname him
"003-1/2". His latest idea has them talking.
Dr. Moore has decided to establish a set of corporate sponsorships for the lab.
When a vulnerability is discovered, he will take exactly the following
The technical group thinks the above plan is flatly unethical, but with one
minor modification would be acceptable. What is the change, and why is it so
- All corporate sponsors will be notified at once, immediately.
- After two months, the incident response teams making up FIRST (such as CERT
and CIAC) will be notified.
- The vulnerability will be released on a wider scale no earlier than 2 months
after the FIRST teams are notified.
You can also see this document
in its native format,
in ASCII text.
Send email to
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/17/98