charlie@ARI-HQ1 (01/30/86)
I find it very useful to learn from INFO-VAX what security flaws others have discovered. That helps me know what to be on the lookout for in preserving the security of my system. Obviously, if there is a problem that ariese when a Unibus goes out of service, the hacker is going to be hard put to take advantage of it, but we can institute procedures at our site to prevent the problem or to mitigate its consequences. When I discover a serious problem, information on which can help a hacker, I will get in touch either directly with DEC or instead via the National Computer Security Center. I presume most users are bright enough and thoug and thoughtful enough to exercise good judgement as to what problems ought to be aired publicly and which ones ought to be discussed only in private. If DEC finds that publication of some particular security flaw is likely to generate problems from hackers, then let them mount an emergency program to fix that flaw, and let's get on with our regular business. Charlie Abzug Data Security Officer U.S. Army Research Institute ------