Bugtraq admin says submissions not being delayed
Fears that postings to the Bugtraq security mailing list, which is owned by Symantec, are being deliberately delayed, have been dismissed by the list administrator, Dave Mirza Ahmad.
Ahmad said the delay was due to the fact that Bugtraq is a moderated list. He was responding to a query from Raj Mathur, a subscriber of Bugtraq. Matur forwarded Ahmad's private reply to the Full-Disclosure mailing list with his (Ahmad's) permission.
The question of delayed postings was raised on the Full-Disclosure list by Rainer Gerhards who wrote: "The past few (3?) weeks I think I notice a slowdown on Bugtraq. Posts very often appear on BugTraq hours after they appear on this list.
"It can't be due to moderation, it happens during US prime time, when the moderator is awake ;) (bad thing if something important happens during US night time, though...). It also can't simply be the posters' credibility - it happens to well-known and respected posters, too (of course, all others have a much larger delay, sometimes days). For example the FreeBSD security advisory arrived around three hours later via Bugtraq than via this list (Full-Disclosure). A key point is that I feel (not know) it was much better until recently."
[ Read more ]
- Article: Full Disclosure of Vulnerabilities - pros/cons and fake arguments (8 April 2002)
- Article: Issues: "Save a bug, safe a life?" (1 April 2002)