seeking comments on disclosure articles
Vulnerability Disclosure: Where Do You Stand?
If you see a glaring security hole in a sensitive application, what will you
do? Will you notify the developer? The users? Other hackers? Sometimes it's
best not to be the good Samaritan. Read about "The Chilling Effect" and also
find out why Bruce Schneier thinks full and open disclosure is a "damned good
idea" while Marcus Ranum says disclosure of vulnerabilities is a marketing ploy
by vendors that was never really designed to further security and has only
succeeded in fostering a "grey-market economy in exploits." Do you think
disclosure only aids attackers?
http://www2.csoonline.com/exclusives/column.html?CID=28088