Full Disclosure mailing list archives

Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more...

From: "Jason Coombs" <jasonc () science org>
Date: Sat, 12 Mar 2005 21:19:07 +0000 GMT

Anyone really interested in getting zero day exploits to use for evil purposes has always known that the second best 
way to do that, right after hiring a black hat to find them, is to intercept priority communications between people who 
respond to “responsible disclosure” incidents.

Microsoft cannot control the spread of vulnerability exploit information.

Everyone can defend against a serious threat if they know it exists, whether or not there is a vendor patch, 
third-party security product, or workaround remediation/defensive configuration possible.

“Responsible disclosure” has never been responsible. It has always been a clever manipulative tool to expand the 
economic importance of certain people's business agendas.

Just look at where the founders of “responsible disclosure” have gone today...

The only fair disclosure policy is full disclosure.

Regards,

Jason Coombs
jasonc () science org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Current thread:

Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... Jason Coombs (Mar 12)
- Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... J.A. Terranson (Mar 12)
  - Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... Pavel Kankovsky (Mar 13)