|metaed||modding down Advisory comments|
|17th Feb, 2011 00:55|
User Since: 11th Feb, 2009
System Score: 100%
"I wish to complain abou' this parrot, wha' I purchased not 'alf an 'our ago from this very boutique." ---The Pet Shop Sketch
I have become annoyed and frustrated by the use of senior moderator privileges to mod comments on Advisories down as much as -5, when those comments fall well within the bounds of what Secunia has specifically invited people to post. A user should, in principle, reasonably expect to post information, discussion, and questions about a posted Advisory without being modded down.
In practice, Advisory comments are frequently being modded down despite being on topic. These mods obscure relevant and important security information when the comment's mod level goes below 0. They discourage volunteerism by penalizing people whose relevant questions or answers are modded down.
So what is on topic in an Advisory?
Information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data, according to the request at the bottom of each Advisory. Information should relate to the vulnerability. Notice that "other relevant data" is a broad category of information requested.
Also, Advisories are cross linked to Vulnerabilities Forum as new topics. This means that when a person posts an on-topic comment in Vulnerabilities Forum, the comment will also appear under the Advisory. Vulnerabilities Forum gives no notice of special rules applying to a thread if it happens to be an Advisory cross link. Therefore Forum rules apply.
So what is on topic in Vulnerabilities Forum threads?
Knowledge and discussion of IT security related topics, according to the invitation on the Forums main page; questions, according to the invitation on each Forum page. Threads should relate to the name of the Forum, and comments should relate to the name of the thread.
So, in Vulnerabilities Forum, what's requested is like what's requested in the Advisory invitation, except that questions are explicitly invited.
Time permits me to give just the latest example I came across, and to discuss only the comments which seem to have received large mods down from senior moderators. This is not an extraordinary example by any means. The number of negative mods on these comments may seem extreme compared to what is seen in other forums, but this has been going on since comment moderation was rolled out last spring. Here is the link and my reactions to the major mods down.
Comment 1 asked for information about the linked vendor workaround. Information about links is specifically requested by Secunia. Questions are on topic. This comment has been modded +4, -4 and should not have been modded down.
Comment 2 provided information about patches, information specifically requested by Secunia. This comment has been modded +4, -2 and should not have been modded down.
Comment 5 was the author of comment 1 scolding the author of comment 3 for scolding him. This comment was modded +5, -3. Scolds are off topic even if "justified" so I have no complaint about scolds being modded down. (Comment 3 should also have gotten a major mod down but did not.)
Comment 6 provided information about new versions and mitigating factors, information specifically requested by Secunia. This comment has been modded +6, -5, and should not have been modded down.
Sometimes they fool you by walking upright.
|Maurice Joyce||RE: modding down Advisory comments|
|17th Feb, 2011 02:55|
User Since: 4th Jan 2009
System Score: N/A
U must be a good golfer - U have just scored a "hole in one".
In general terms what U are saying is 100% correct in that there are certain members granted the privilege of being able to use more than one point to vote on a thread. This privilege is awarded for dedication in helping with solutions to user problems and is not necessarily linked to IT expertise.
This is clearly being abused not only on the thread U point to but elsewhere. It includes cartel voting & unnecessary policing which I have previously written to Secunia about.
Interestingly enough I wrote to Secunia Support three days ago highlighting the very thread U have used as an example of voting gone mad.
Perhaps I might add that the Vulnerability Section has been subject to general comments before. It, like others, has a caveat that is clearly misunderstood by many as follows:
Following are the latest active threads in the Secunia Vulnerabilities Forum. You can use the search form below to find threads on a specific topic. In case you do not find the answers you are searching for, we encourage you to login and post your question to other community members.
When time allows Secunia have stated, on this Forum, that they will make the rules of using that section clearer to all. Basically it is a no go area unless U have a COMMENT like this:
In the interim, what Anthony was trying to say (as a dedicated helper & well known NON VOTER) in comment 3 is the stance that Secunia have taken in the past to users writing to their threads (they have zapped them in some cases with severe penalties). He sadly appears to be in a "catch 22" scenario when really trying to help. It is a shame that other helpers (who know the "muddy" rules) did not support him by avoiding the thread.
As I said at the start, in general terms U are 100% correct about voting & my advice would be to formally write to Secunia Support & complain. Only they are able to be 100% certain who is abusing the system & take appropriate action to remove the voting powers of the offenders. This will let the Forum run free where solutions are rewarded on merit which was the original Secunia idea.
The Secunia Staff are very busy elsewhere at the moment so U may not get an immediate response on the Forum.
Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
|Anthony Wells||RE: modding down Advisory comments|
|17th Feb, 2011 13:20|
User Since: 19th Dec 2007
System Score: N/A
Just to confirm that I will continue to try to help those posting by "error" in the "vulnerabilities" sub-forum ; my post to a regular user of the Forum @bjm - and by inference @Mogs - was maybe a little cryptic , but I was trying to point out the mix of "relevant" questions concerning aspects of the SA and "other" general workaround questions and use of the PSI auto-update . Next time I will be more detailed and specific whoever it may annoy .
I was concerned (as usual) that the questions would not be answered or that helpful comments would be "modded" out if the conversation continued . As confusion was starting and strange voting was about , I did not respond to any further comments from bjm . Perhaps , Secunia staff were trying to keep those posts they wanted minimised in that small state . Fortunately , ddm's lucid response remains visible atm !!
I have up to 5 votes , but can confirm I almost never , ever vote and none were/have been given by me in the thread in question .
It always seems impossible until its done.
|ddmarshall||RE: modding down Advisory comments|
|17th Feb, 2011 14:03|
User Since: 8th Nov 2008
System Score: 98%
|As a non-voter in most circumstances, I'd be happy with only the original poster being able to score replies. I usually open the minimised replies anyway, in case there's something in it. A Spam button would be useful too.
The problem is people dive in without reading the instructions and tag onto threads rather than starting their own.
This answer is provided “as-is.” You bear the risk of using it.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.