While many people are slamming Cox's actions and opinions (as well as many others taking a similar stance), lots of people are missing (what I believe to be) one of the main reasons for full disclosure, education.

I myself agree with software authors and vendors being given a 'grace' period before releasing details of a vulnerability, as I believe it is the right thing to do (how would you like it if someone found a way to break into your home, but then went and told the whole neighbourhood about it before telling you?).

But once the issue has been addressed by the author, or if it isn't addressed by the author in suitable time, then details should be released. This way programmers can look at other people's mistakes and learn from them.

Also, in response to Cox's decision being due to the DMCA, I believe that a person of Cox's position should stand up and actively disapprove of such monumentally flawed, and in my own opinion morally wrong, law.

The Open Source movement, and programmers at large, should lobby and protest against the DMCA, and educate people from all walks of life (ie. people other than us coders/geeks) about the ramifications of the DMCA, and the message that it sends. That big corporations have more rights and freedoms than the common people.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/35/8744#8744