Full Disclosure mailing list archives
Re: "responsible disclosure" explanation (an example of the fallacy of idealistic thought)
From: "Jason Coombs" <jasonc () science org>
Date: Thu, 11 Aug 2005 18:04:35 +0000 GMT
Florian Weimer wrote:
The implicit message that other disclosure processes were irresponsible was invaluable.
Invaluable; adjective 'Valuable beyond estimation. Priceless.'
http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=invaluable

You've got that right. It has proved invaluable to marketing efforts, lobbyist campaigns to get new legislation enacted, and disinformation spread by self-interested bad people.

(I know you're not one of them)

Sincerely,

Jason Coombs
jasonc () science org

“A Trojan is malicious code that gives an attacker future unauthorized access to a computer or its data. Nobody with common sense refers to spyware as Trojans.”

-----Original Message-----
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 11 Aug 2005 19:15:27
To: Matthew Murphy <mattmurphy () kc rr com>
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] "responsible disclosure" explanation (an example of the fallacy of idealistic thought)

* Matthew Murphy:
Let me just define "responsible disclosure" first of all, so as to dissociate myself from the lunatic lawyers of certain corporations (Cisco, HP, ISS, et al) who define "responsible disclosure" as "non-disclosure". The generally accepted definition of responsible disclosure is simply allowing vendors advance notification to fix vulnerabilities in their products before information describing such vulnerabilities is released.
Back in 2001, this was called "full disclosure", see:

<http://www.wiretrip.net/rfp/policy.html>

(The document is probably even older, use archive.org to find out.)

In retrospect, "responsible disclosure" was always more a marketing term than anything else (just like "blended threat"). The implicit message that other disclosure processes were irresponsible was invaluable.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/