Industry Fears the Red Pill

Industry Fears the Red Pill
Richard Forno, 2001-08-30

The security community must choose between the red pill of full disclosure or the blue pill of security through obscurity.

The red pill 2001-09-17
abaximus "mailto:pr0digy26@hotmail.com"

I agree with full-disclosure. But as you said "responsible" full-disclosure. I think that if your going to disclose the HOW, WHY, and even some code that will fix the vulnerability, that it doesn't matter whether you give out the exploit code or not. I can take the FIX code, and get the exploit code...

[ more ]