Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

"responsible disclosure" explanation

From: Georgi Guninski <guninski () guninski com>
Date: Fri, 5 Aug 2005 15:50:23 +0300
here is what "responsible disclosure" means:

according to:
http://www.theregister.co.uk/2005/07/29/cisco_settles_rogue_researcher_dispute/

"Cisco's actions (regarding) Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that 
they chose to address the issue outside of established industry practices and procedures for responsible disclosure,"

the term "responsible disclosure" is a corporate instrument for trying to 
shut people up.

i doubt the "responsible" argument will stand in a non-us court.
also challenge the fact that this is "established industry practice".

the net result of the cisco gate is the info is out there and cisco is 
resetting luser's password.

check the flames about the responsibility rfc, which got ditched by the
IETF.

note: i don't promote neither disclosure, nor non-disclosure - everyone 
choses for themselves.

-- 
where do you want bill gates to go today?












_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: