Full Disclosure: "responsible disclosure" explanation

From: Georgi Guninski <guninski_at_guninski.com>
Date: Fri, 5 Aug 2005 15:50:23 +0300

here is what "responsible disclosure" means:

according to:
http://www.theregister.co.uk/2005/07/29/cisco_settles_rogue_researcher_dispute/

"Cisco's actions (regarding) Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices and procedures for responsible disclosure,"

the term "responsible disclosure" is a corporate instrument for trying to
shut people up.

i doubt the "responsible" argument will stand in a non-us court.
also challenge the fact that this is "established industry practice".

the net result of the cisco gate is the info is out there and cisco is
resetting luser's password.

check the flames about the responsibility rfc, which got ditched by the
IETF.

note: i don't promote neither disclosure, nor non-disclosure - everyone
chooses for themselves.

-- 
where do you want bill gates to go today?
Received on Aug 05 2005