lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070112140735.17140.qmail@securityfocus.com> Date: 12 Jan 2007 14:07:35 -0000 From: smcalearney@....com To: bugtraq@...urityfocus.com Subject: seeking comments on disclosure articles Vulnerability Disclosure: Where Do You Stand? If you see a glaring security hole in a sensitive application, what will you do? Will you notify the developer? The users? Other hackers? Sometimes it's best not to be the good Samaritan. Read about "The Chilling Effect" and also find out why Bruce Schneier thinks full and open disclosure is a "damned good idea" while Marcus Ranum says disclosure of vulnerabilities is a marketing ploy by vendors that was never really designed to further security and has only succeeded in fostering a "grey-market economy in exploits." Do you think disclosure only aids attackers? http://www2.csoonline.com/exclusives/column.html?CID=28088
Powered by blists - more mailing lists