<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: seeking comments on disclosure articles

seeking comments on disclosure articles

From: <smcalearney_at_cxo.com>
Date: 12 Jan 2007 14:07:35 -0000

('binary' encoding is not supported, stored as-is) Vulnerability Disclosure: Where Do You Stand?
If you see a glaring security hole in a sensitive application, what will you do? Will you notify the developer? The users? Other hackers? Sometimes it's best not to be the good Samaritan. Read about "The Chilling Effect" and also find out why Bruce Schneier thinks full and open disclosure is a "damned good idea" while Marcus Ranum says disclosure of vulnerabilities is a marketing ploy by vendors that was never really designed to further security and has only succeeded in fostering a "grey-market economy in exploits." Do you think disclosure only aids attackers?
http://www2.csoonline.com/exclusives/column.html?CID=28088
Received on Jan 12 2007

This message: [ Message body ]
Next message: Jim Manico: "Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue"
Previous message: process_at_cnbct.org: "Wordpress disclosure of Table Prefix Weakness"
Next in thread: Michael Scheidell: "RE: seeking comments on disclosure articles"
Maybe reply: Michael Scheidell: "RE: seeking comments on disclosure articles"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]