April 30, 2021 Opener

Dr. Roger Moore directs the Vulnerabilities Project in the Computer Security Corporation. Dr. Moore is nicknamed “007” by his managerial colleagues, because of his ability to get things done; but he’s not very knowledgeable technically, which led his technical staff to nickname him “003½”. His latest idea has them talking.

Dr. Moore has decided to establish a set of corporate sponsorships for the lab. When a vulnerability is discovered, he will take exactly the following steps:

  1. All corporate sponsors will be notified at once, immediately.
  2. After two months, the incident response teams making up FIRST (such as CERT/CC and AUSCERT) will be notified.
  3. The vulnerability will be released on a wider scale no earlier than 2 months after the FIRST teams are notified.

The technical group thinks the above plan would be acceptable with one modification. What is the change, and why is it so important?


UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 135, Computer Security
Version of May 3, 2021 at 7:36AM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh