Vuln Dev
seeking comments on disclosure articles Jan 14 2007 03:33PM
Shawna McAlearney (SMcAlearney cxo com)

Hi all,

I'd love to hear what you think about some articles we posted on
disclosure. Please feel free to email me or post a comment on the
appropriate article as you see fit. I look forward to hearing your
insights.

If you see a glaring security hole in a sensitive application, what will
you do? Will you notify the developer? The users? Other hackers? Sometimes
it's best not to be the good Samaritan. Read about "The Chilling Effect"
and also find out why Bruce Schneier thinks full and open disclosure is a
"damned good idea" while Marcus Ranum says disclosure of vulnerabilities
is a marketing ploy by vendors that was never really designed to further
security and has only succeeded in fostering a "grey-market economy in
exploits."
http://www2.csoonline.com/exclusives/column.html?CID=28088

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus