Industry Fears the Red Pill
Richard Forno, 2001-08-30

The security community must choose between the red pill of full disclosure or the blue pill of security through obscurity.

Right on! 2001-08-30
Odium Devonix (aka Hatred)
Bad analogy? 2001-09-03
Coldman
Full Disclosure 2001-09-03
H Carvey <keydet89@yahoo.com>
The red pill 2001-09-06
Dave Hudson (1 replies)
Great analogy (great movie too). If not for the full disclosure with so many vulnerabilities a sys admin would not stand a chance of keeping his network/servers up to date. I for one would not install a hotfix without knowing what it really fixes. If I know the vulnerability then at least I can decide for myself whether or not the vulnerability is great enough to install even more Microsoft software on my server. Bill Gates would love for us all to take the blue pill. Many times the cure is worse than the problem if that means this last hotfix has blown up my server. The Unicode exploit on IIS 4/5 was a good example of how full disclosure is the best way to go. I was really glad I did not have to go underground to find out about it. The hackers will always know about these things. I do not understand the argument that full disclosure puts information in the hands of the wrong people. The vulnerability is there, and the vendor is the one responsible, not the guy who found it. I suppose some people would like to see the old Soviet Union come back too. It did not work for them. In a free society there is no room for this. Great article!!!!!!



The red pill 2001-09-17
abaximus <pr0digy26@hotmail.com>







 

Copyright 2008, SecurityFocus