seeking comments on disclosure articles

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: seeking comments on disclosure articles
From: smcalearney@xxxxxxx
Date: 12 Jan 2007 14:07:35 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vulnerability Disclosure: Where Do You Stand?
If you see a glaring security hole in a sensitive application, what will you 
do? Will you notify the developer? The users? Other hackers? Sometimes it's 
best not to be the good Samaritan. Read about "The Chilling Effect" and also 
find out why Bruce Schneier thinks full and open disclosure is a "damned good 
idea" while Marcus Ranum says disclosure of vulnerabilities is a marketing ploy 
by vendors that was never really designed to further security and has only 
succeeded in fostering a "grey-market economy in exploits." Do you think 
disclosure only aids attackers?
http://www2.csoonline.com/exclusives/column.html?CID=28088

Prev by Date: Wordpress disclosure of Table Prefix Weakness
Next by Date: Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue
Previous by thread: Wordpress disclosure of Table Prefix Weakness
Next by thread: RE: seeking comments on disclosure articles
Index(es):
- Date
- Thread