Puzzle of the Day

Dr. Roger Moore directs the Vulnerabilities Project in the Computer Security Corporation. Dr. Moore is nicknamed "007" by his managerial colleagues, because of his ability to get things done; but he's not very knowledgeable technically, which led his technical staff to nickname him "003-1/2". His latest idea has them talking.

Dr. Moore has decided to establish a set of corporate sponsorships for the lab. When a vulnerability is discovered, he will take exactly the following steps:

  1. All corporate sponsors will be notified at once, immediately.
  2. After two months, the incident response teams making up FIRST (such as CERT and CIAC) will be notified.
  3. The vulnerability will be released on a wider scale no earlier than 2 months after the FIRST teams are notified.
The technical group thinks the above plan is flatly unethical, but with one minor modification would be acceptable. What is the change, and why is it so important?


You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 2/17/98