I am frankly amazed that some of the companies listed in this article agreed to participate in this - though I can see why others have.

It's the same old tired argument and rfp summed it up best several years ago when he wrote about full disclosure and the RDS issue. It's probably still on his website - look it up.

Two points.

1) If you outlaw exploit code - only outlaws will have exploit code (there's a reason why it's a cliche). Microsoft (as a random example) have proved themselves to be very reticent about fixing security issues without the presure of full disclosure.

2) @stake won't do full disclosure? Bravo! But I don't work for @stake and neither do a lot of other people. The point here is so obvious I won't stress it other than to say that full disclosure will always have a forum. That's the nature of the beast.

RC

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/5458/20326#20326