Full Disclosure mailing list archives

Re: "responsible disclosure" explanation (an example of the fallacy of idealistic thought)


From: "Jason Coombs" <jasonc () science org>
Date: Thu, 11 Aug 2005 18:04:35 +0000 GMT

Florian Weimer wrote:
The implicit message that other
disclosure processes were
irresponsible was invaluable.

Invaluable; adjective

'Valuable beyond estimation. Priceless.'

http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=invaluable

You've got that right. It has proved invaluable to marketing efforts, lobbyist campaigns to get new legislation enacted, and disinformation spread by self-interested bad people.

(I know you're not one of them)

Sincerely,

Jason Coombs
jasonc () science org

“A Trojan is malicious code that gives an attacker future unauthorized access to a computer or its data. Nobody with common sense refers to spyware as Trojans.”

-----Original Message-----
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 11 Aug 2005 19:15:27 
To: Matthew Murphy <mattmurphy () kc rr com>
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] "responsible disclosure" explanation (an
        example of the fallacy of idealistic thought)

* Matthew Murphy:

Let me just define "responsible disclosure" first of all, so as to 
dissociate myself from the lunatic lawyers of certain corporations 
(Cisco, HP, ISS, et al) who define "responsible disclosure" as 
"non-disclosure".  The generally accepted definition of responsible 
disclosure is simply allowing vendors advance notification to fix 
vulnerabilities in their products before information describing such 
vulnerabilities is released.

Back in 2001, this was called "full disclosure", see:

  <http://www.wiretrip.net/rfp/policy.html>

(The document is probably even older, use archive.org to find out.)

In retrospect, "responsible disclosure" was always more a marketing
term than anything else (just like "blended threat").  The implicit
message that other disclosure processes were irresponsible was
invaluable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/