[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Full Disclosure versus Responsible Disclosure
- To: cve-editorial-board-list@lists.mitre.org
- Subject: Full Disclosure versus Responsible Disclosure
- From: Russ <Russ.Cooper@rc.on.ca>
- Date: Wed, 25 Jul 2001 11:38:10 -0400
- Delivery-Date: Wed Jul 25 11:40:50 2001
- Sender: owner-cve-editorial-board-list@lists.mitre.org
I'm making the assumption the list is still moderated, so you'll only see this if its approved. I'm looking for a public security company who, as a company, is prepared to argue in favor of Full Disclosure versus my suggested Responsible Disclosure. Its a TV opportunity, any takers? FYI, one point against Full Disclosure might be open distribution of exploit code, or code snippets in public discovery announcements, or other attempts to provide "useful" proof of concept or exploit code. One point in favor of Responsible Disclosure is the vetting of announcements to accurately depict severity, provide coordinated effort to get Vendors to fix problems, avoid government regulation of information. Cheers, Russ Call me or email, 705.878.3405.
- Prev by Date: [CVEPRI] Editorial Board Teleconference Summary - June 21, 2001
- Next by Date: Re: Full Disclosure versus Responsible Disclosure
- Prev by thread: [CVEPRI] Editorial Board Teleconference Summary - June 21, 2001
- Next by thread: Re: Full Disclosure versus Responsible Disclosure
- Index(es):
