Puzzle 14: October 25, 2019

Dr. Roger Moore directs the Vulnerabilities Project in the Computer Security Corporation. Dr. Moore is nicknamed “007” by his managerial colleagues, because of his ability to get things done; but he’s not very knowledgeable technically, which led his technical staff to nickname him “003½”. His latest idea has them talking.

Dr. Moore has decided to establish a set of corporate sponsorships for the lab. When a vulnerability is discovered, he will take exactly the following steps:

  1. All corporate sponsors will be notified at once, immediately.
  2. After two months, the incident response teams making up FIRST (such as CERT and CIAC) will be notified.
  3. The vulnerability will be released on a wider scale no earlier than 2 months after the FIRST teams are notified.

The technical group thinks the above plan omits something that is vital, and wants him to make a change. What is the change, and why is it so important?

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of October 23, 2019 at 11:00PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh