2002/03/15 : Schneier published his monthly newsletter. Schneier gives this time a summary of the vulnerabilitiy disclosure actual issues.
"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the tension between bug secrecy and full disclosure." (p.2)
Schneier gives as well his opinion on the "Responsible Disclosure" IETF Document.
"In general, I agree with the philosophy of the document. I want vendors to have time to prepare patches before vulnerabilities are made public. At the same time, I don't want publication to be limited in any way. This document attempts to strike a balance, and I think it does a good job." (p.5)
Critical Commentary
2002/03/15 : Schneier published his monthly newsletter.
Schneier gives this time a summary of the vulnerabilitiy disclosure actual issues.
"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the tension between bug secrecy and full disclosure." (p.2)
Schneier gives as well his opinion on the "Responsible Disclosure" IETF Document.
"In general, I agree with the philosophy of the document. I want vendors to have time to prepare patches before vulnerabilities are made public. At the same time, I don't want publication to be limited in any way. This document attempts to strike a balance, and I think it does a good job." (p.5)
This artifact is part of the Schneier Publications Bundle and the IETF Bundle.