Full Disclosure versus Responsible Disclosure
I'm making the assumption the list is still moderated, so you'll only see
this if its approved.
I'm looking for a public security company who, as a company, is prepared to
argue in favor of Full Disclosure versus my suggested Responsible
Disclosure. Its a TV opportunity, any takers?
FYI, one point against Full Disclosure might be open distribution of exploit
code, or code snippets in public discovery announcements, or other attempts
to provide "useful" proof of concept or exploit code.
One point in favor of Responsible Disclosure is the vetting of announcements
to accurately depict severity, provide coordinated effort to get Vendors to
fix problems, avoid government regulation of information.
Call me or email, 705.878.3405.