[VOIPSEC] Date formats in advisories... Re: Owning the internal network with SIP (part 1) and a Linksys Phone
Dan York
dyork at lodestar2.com
Tue Oct 9 08:22:11 CDT 2007
Radu,
Thanks for forwarding this information to the VOIPSEC list and I look
forward to whatever discussion this may generate.
I would, however, like to make one little request - can you please
move to using a date format in your advisories that spells out the
month name?
Living in North America, my brain had a hard time with this:
> Affected Device: Linksys SPA Linksys SPA-941 (Version 5.1.8)
>
> Date of Discovery 10/08/2007
>
> Vendor was informed on 13/08/2007 and acknowledged the vulnerability
because I thought you were indicating that the "Date of Discovery" was
yesterday ("10/8" here) but yet your vendor notification date was
"13/08/2007". Once I saw the second date I realized that your
discovery date was what we here would note as "8/10/2007".
We can argue about whose date format makes the most sense (I think
yours does, actually) but the odds of us changing the conflict any
time soon are right up there with solving various political conflicts
in the world. My suggestion would be to use "10 Aug 2007" or perhaps
"20070810".
Anyone else have a suggested format?
My 2 cents,
Dan
--
Dan York, CISSP, LPIC2 http://www.danyork.com/ dyork at Lodestar2.com
Skype: danyork LinkedIn profile: http://www.linkedin.com/in/danyork
PGP key (F7E3C3B4) available for secure communication
Disruptive Conversations - http://www.disruptiveconversations.com/
Disruptive Telephony - http://www.disruptivetelephony.com/
Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com/
For Immediate Release - http://www.forimmediaterelease.biz/
Voice of VOIPSA - http://www.voipsa.org/blog/
More information about the Voipsec
mailing list