Exploit Code on Trial

Exploit Code on Trial
Kevin Poulsen, SecurityFocus 2003-11-23

Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability.

Exploit Code on Trial 2003-11-25
Leif Ericksen

Should we publish a book or should we not publish a book. Should we print a news story or should we not print a news story. Should we allow a person to speak or should we silence them (forever?).

OK, I have to agree with the folks that have stated that having exploit code out in the wild 'force...

[ more ]