[Full-disclosure] Seeking comment on disclosure articles
Shawna McAlearney
SMcAlearney at cxo.com
Fri Jan 12 12:46:37 GMT 2007
Vulnerability Disclosure: Where Do You Stand?
If you see a glaring security hole in a sensitive application, what will
you do? Will you notify the developer? The users? Other hackers? Sometimes
it's best not to be the good Samaritan. Read about "The Chilling Effect"
and also find out why Bruce Schneier thinks full and open disclosure is a
"damned good idea" while Marcus Ranum says disclosure of vulnerabilities
is a marketing ploy by vendors that was never really designed to further
security and has only succeeded in fostering a "grey-market economy in
exploits." Do you think disclosure only aids attackers?
http://www2.csoonline.com/exclusives/column.html?CID=28088
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070112/e34cefe5/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.