Vulnerability Development mailing list archives
seeking comments on disclosure articles
From: Shawna McAlearney <SMcAlearney () cxo com>
Date: Sun, 14 Jan 2007 10:33:17 -0500
Hi all, I'd love to hear what you think about some articles we posted on disclosure. Please feel free to email me or post a comment on the appropriate article as you see fit. I look forward to hearing your insights. If you see a glaring security hole in a sensitive application, what will you do? Will you notify the developer? The users? Other hackers? Sometimes it's best not to be the good Samaritan. Read about "The Chilling Effect" and also find out why Bruce Schneier thinks full and open disclosure is a "damned good idea" while Marcus Ranum says disclosure of vulnerabilities is a marketing ploy by vendors that was never really designed to further security and has only succeeded in fostering a "grey-market economy in exploits." http://www2.csoonline.com/exclusives/column.html?CID=28088
Current thread:
- seeking comments on disclosure articles Shawna McAlearney (Jan 15)