[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Seeking comment on disclosure articles

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Seeking comment on disclosure articles
From: Shawna McAlearney <SMcAlearney@xxxxxxx>
Date: Fri, 12 Jan 2007 07:46:37 -0500

Vulnerability Disclosure: Where Do You Stand?
If you see a glaring security hole in a sensitive application, what will 
you do? Will you notify the developer? The users? Other hackers? Sometimes 
it's best not to be the good Samaritan. Read about "The Chilling Effect" 
and also find out why Bruce Schneier thinks full and open disclosure is a 
"damned good idea" while Marcus Ranum says disclosure of vulnerabilities 
is a marketing ploy by vendors that was never really designed to further 
security and has only succeeded in fostering a "grey-market economy in 
exploits." Do you think disclosure only aids attackers?
http://www2.csoonline.com/exclusives/column.html?CID=28088

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Seeking comment on disclosure articles
  - From: Ben Bucksch

Prev by Date: [Full-disclosure] [USN-406-1] OpenOffice.org vulnerability
Next by Date: Re: [Full-disclosure] Seeking comment on disclosure articles
Previous by thread: [Full-disclosure] [USN-406-1] OpenOffice.org vulnerability
Next by thread: Re: [Full-disclosure] Seeking comment on disclosure articles
Index(es):
- Date
- Thread