Full Disclosure mailing list archives
Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more...
From: "Jason Coombs" <jasonc () science org>
Date: Sat, 12 Mar 2005 21:19:07 +0000 GMT
Anyone really interested in getting zero day exploits to use for evil purposes has always known that the second best way to do that, right after hiring a black hat to find them, is to intercept priority communications between people who respond to “responsible disclosure” incidents. Microsoft cannot control the spread of vulnerability exploit information. Everyone can defend against a serious threat if they know it exists, whether or not there is a vendor patch, third-party security product, or workaround remediation/defensive configuration possible. “Responsible disclosure” has never been responsible. It has always been a clever manipulative tool to expand the economic importance of certain people's business agendas. Just look at where the founders of “responsible disclosure” have gone today... The only fair disclosure policy is full disclosure. Regards, Jason Coombs jasonc () science org
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... Jason Coombs (Mar 12)