[VOIPSEC] Some additional etiquette thoughts (Was Re: Administrivia: A Test, Turning Moderation Off)

dan_york at Mitel.com dan_york at Mitel.com
Mon Oct 31 13:44:10 CST 2005 

David,

> In order to further the sense of community around VOIPSA and this mailing 
list, we're turning off all moderation for a little while to see how it 
goes. 

Many thanks for making the changes.

I would throw out to the community for discussion a suggestion that there 
are two other loose guidelines for this mailing list based on what I have 
seen to date on this list:

1. This is not a mailing list for vendor pitches.  If you are on here 
expecting to pitch your product, please go elsewhere.  Which isn't to say 
you can't mention your product.  If someone asks "Does anyone know of a 
product that does X?" it's perfectly fine in my opinion to come back and 
say "yes, we make one of those.  Read more at www....."   Or if there's a 
discussion on a topic and you want to explain how your product does 
something, okay.  But this is not the place for a company to send press 
releases, product announcements, etc.  (Now it's different to me if 
someone else notices your announcement and posts it here. That's okay if 
it's not you doing it.)

Question for the group: what about security advisories relating to VoIP 
products?  Is it okay for a vendor to send a security advisory (or the 
URL) for their product to the list?  My personal vote would be yes. 
Others?

2. This is not a mailing list for "full disclosure" of VoIP exploits, i.e. 
"Did you know you can break XXXXXX's VoIP system by using this simple 
attached script?"  This list is for the discussion of VoIP security, but, 
as a participating vendor, I would like to hope that actual exploits would 
be sent to the vendor through the normal channels (such as 
'security at xxxxxxx.com') so that a solution could be found before they are 
posted to this public mailing list. 

Thoughts?  Comments?

Regards,
Dan
-- 
Dan York, CISSP, Director of IP Technology, Office of the CTO
Mitel Corporation   http://www.mitel.com/  dan_york at mitel.com
Ph: +1-613-592-2122   350 Legget Drive, Ottawa, ON, K2K 2W7 Canada
PGP key (F7E3C3B4) available for secure communication

More information about the Voipsec mailing list