Richard Forno, 2001-08-30
The security community must choose between the red pill of full disclosure or the blue pill of security through obscurity.
Bad analogy?
2001-09-03
Coldman
The analogy with blue & red pills is a bit strange - in both cases, according to the movie, the characters had no chance to find out what will be _next_, so to some extent it was not really fair.
So, unless you take the pill, you can't find it out, but once you took it - you have no way back.
The s...
Excessive assumptions lead to inaccurate results
2001-09-03
Anonymous
This article was no doubt based on one perspective, and targeted one audience. Unfortunately, it is an outcry by a Corporate businessman trying to profit off someone's hobbies. Truth is, not everyone deserves to be informed of everything, and of course not everyone can handle it. Just look at national ...
Full Disclosure
2001-09-03
H Carvey <keydet89@yahoo.com>
I've lurked on forums and watched emails fly by on this subject. In one way, I am shocked that it's still an issue...but hey, IIS admins were warned of Code Red before it came out, and David LeBlanc and Eric Schultz have advocated disabling unnecessary functionality (ida/idq script mappings??) for....
The red pill
2001-09-06
Dave Hudson (1 replies)
Great analogy (great movie too). If not for the full disclosure with so many vulnerabilities a sys admin would not stand a chance of keeping his network/servers up to date. I for one would not install a hotfix without knowing what it really fixes. If I know the vulnerability then at least I can dec...
The red pill
2001-09-17
abaximus <pr0digy26@hotmail.com>
I agree with full-disclosure. But as you said "responsible" full-disclosure. I think that if you're going to disclose the HOW, WHY, and even some code that will fix the vulnerability, that it doesn't matter whether you give out the exploit code or not. I can take the FIX code, and get the exploit code...
At least it's not the 'little purple pill'...
2002-01-29
Anonymous
Huh. Before I read this I would've said I was all for 'full disclosure'...
But surprisingly, after reading it, I'm actually not so sure anymore.
You brought up an interesting point - but didn't address it. If the 'majority of the world's computing community' prefers the blue pill, how do you mak...

Only one point of concern... if there are too many blue pill people, what happens to the red pill poppers? Just like in the Matrix ... you ...