SecurityFocus 2001-11-09
Five computer security firms join Microsoft to set an official standard for limiting disclosure of software security holes
Shocking developments
2001-11-09
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (2 replies)
Such a policy for disclosure already exists
2001-11-09
Dumky (1 replies)
Such a policy for disclosure already exists
2001-11-10
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]>
...on second thought...Kudos!
2001-11-09
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (1 replies)
So what would force Microsoft to patch these holes if exploits are not published?
2001-11-10
Rafal Sybilla-Leszczynski (1 replies)
So what would force Microsoft to patch these holes if exploits are not published?
2001-11-12
Anonymous
Microsoft have no server monopoly: this may reduce their share
2001-11-12
Kirsten Bayes (kirruth@hushmail)

Something definitely comes to my mind: most of (not to say all) the juicy information available on the bugtraq and all other interesting sources, whatever they are (papers, ezines, exploits etc.), usually comes from independent security [club of]? researchers and by any means from commercial vendors like M$, iss, @stake and the like.
For the latter, blocking full disclosure is a matter of protecting their business, a good and legal way to make even more profit by dropping minded customers into ignorance (a good point for software vendors) and leaving them more exposed (perfect for security vendors). This is basically the link between M$ and IT security companies. One makes huge holes, the others are living upon them.
Another interesting point is the limited availability of the information "a la Cert", just enough for security companies to do further research, the kind of research their customers just can't afford because of a lack of time, cash or skills.
What would happen with all this good free stuff like snort, nessus and others?
By the way, I guess that the underground may become the main security source for some security officers one day or another if such a proposal becomes the international and legal way to share such information; that's an announced nightmare for most of you.