[Info-vax] VSI, was: Re: Ada on VMS, was: Re: Making the CRTL version dependency information useful

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Wed Jan 17 13:53:59 EST 2018 

On 2018-01-17, gérard Calliet <gerard.calliet at pia-sofer.fr> wrote:
> Le 17/01/2018 à 14:35, Simon Clubley a écrit :
>> On 2018-01-17, gérard Calliet <gerard.calliet at pia-sofer.fr> wrote:
>>>
>>> We hoped we could get some help from VSI, but they think we are too
>>> little (too "new", perhaps :) )to speak with them.
>>>
>> 
>> Did VSI tell you that or did they just not bother replying to your
>> emails ? If it's the latter, don't read too much into it as that has
>> apparently happened quite a bit in the past (based on comments here).
> No, there are been a very long exchange with VSI, 2 presentations at 
> bootcamps, personal conversations. VSI wants a complete distribution, a 
> strong company for support, nothing like best efforts in an Open Source 
> alliance of consultants.

Well VSI may have their reasons for rejecting you, but this is a company
which isn't exactly holding itself to their own public standards either.

This is a company which makes a really big deal out of CVE counts but
when someone asks for a CVE number from VSI they are forced to ask
VSI multiple times in order to try and get one.

The latest news is that a CVE number has finally been reserved but it
looks like I am not yet allowed to know the number and have to wait for
another email sometime this week.

What a mess. :-( If VSI respond in this way to the third party security
researchers, VSI are going to get absolutely hammered. I hope that the
changes Derrell appears to be trying to make means that CVE assignment
by VSI is much more efficient in the future.

Oh, and I don't want anyone blaming Clair or Derrell for this. They
do _NOT_ appear to be the problem here and it would be very unfair
indeed to suggest otherwise.

In fact, I will say that Derrell is coming across as an excellent
person on these issues and if the VSI management have any sense they
will listen to him big time.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

More information about the Info-vax mailing list