Full Disclosure Mailing List: A Fresh Start

[InfoSec News <alerts () infosecnews org>]

http://insecure.org/news/fulldisclosure/

March 25, 2014

Like many of us in the security community, I (Fyodor) was shocked last 
week by John Cartwright's abrupt termination of the Full Disclosure list 
which he and Len Rose created way back in July 2002. It was a great 
12-year run, with more than 91,500 posts during John's tenure. During that 
time he fought off numerous trolls, DoS attacks, spammers, and legal 
threats from angry vendors and researchers alike. John truly deserves our 
appreciation and thanks for sticking with it so long!

Some have argued that we no longer need a Full Disclosure list, or even 
that mailing lists as a concept are obsolete. They say researchers should 
just Tweet out links to advisories that can be hosted on Pastebin or 
company sites. I disagree. Mailing lists create a much more permanent 
record and their decentralized nature makes them harder to censor or 
quietly alter in the future. Jericho from OSVDB and Attrition elaborates 
further in this great post.

Upon hearing the bad news, I immediately wrote to John offering help. He 
said he was through with the list, but suggested: “you don't need me. If 
you want to start a replacement, go for it.” After some soul searching 
about how much I personally miss the list (despite all its flaws), I've 
decided to do so! I'm already quite familiar with handling legal threats 
and removal demands (usually by ignoring them) since I run Seclists.org, 
which has long been the most popular archive for Full Disclosure and many 
other great security lists. I already maintain mail servers and Mailman 
software because I run various other large lists including Nmap Dev and 
Nmap Announce.

[...]

--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/