SecurityFocus 2003-06-04
A group of 11 of the largest software companies and computer security firms released the first public draft of a proposed bug disclosure standard on Wednesday, and asked the security community for comments.

It's the same old tired argument and rfp summed it up best several years ago when he wrote about full disclosure and the RDS issue. It's probably still on his website - look it up.
Two points.
1) If you outlaw exploit code - only outlaws will have exploit code (there's a reason why it's a cliche). Microsoft (as a random example) have proved themselves to be very reticent about fixing security issues without the pressure of full disclosure.
2) @stake won't do full disclosure? Bravo! But I don't work for @stake and neither do a lot of other people. The point here is so obvious I won't stress it other than to say that full disclosure will always have a forum. That's the nature of the beast.
RC