===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/Attic/press.html,v
retrieving revision 1.467
retrieving revision 1.468
diff -u -r1.467 -r1.468
--- www/Attic/press.html	2005/07/07 09:07:19	1.467
+++ www/Attic/press.html	2005/07/07 16:18:45	1.468
@@ -69,7 +69,26 @@
 
 <h2>June, 2005</h2>
 <ul>
+
 <li><font color="#009000"><strong>
+<a href="http://www.eurekalert.org/pub_releases/2005-06/ns-ttc062205.php">
+The true cost of computer crime</a>,
+EurekAlert / <a href="http://www.newscientist.com/">New Scientist Magazine</a>,
+issue June 25, 2005</strong></font><br>
+This article looks at computer crime, especially the way upcoming
+vulnerability reports are dealt with. It also gives a short overview of the
+different institutions involved in the process (vendors, free projects, CERTs).
+<br>
+The author mentions the work of Andy Ozment, who researches vulnerability
+disclosure at the University of Cambridge. Using OpenBSD as a good example
+of how disclosure and consequent fixing of bugs helps to strengthen security,
+he refutes the widely spread FUD that disclosing vulnerabilities leads to
+more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs
+and noting when fixes were published; his research shows that
+<i>"the number of vulnerabilities decreases as a result of disclosure"</i>.
+<p>
+
+<li><font color="#009000"><strong>
 <a href="http://www.forbes.com/forbes/2005/0704/071.html">
 Free Bird</a>,
 Forbes, June 16, 2005</strong></font><br>
@@ -4847,7 +4866,7 @@
 <hr>
 <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: press.html,v 1.467 2005/07/07 09:07:19 grunk Exp $</small>
+<br><small>$OpenBSD: press.html,v 1.468 2005/07/07 16:18:45 grunk Exp $</small>
 
 </body>
 </html>