2000/09/15 : Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.
"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there. When a security vulnerability exists in a product, it creates what I call a window of exposure. This window exists until the vulnerability is patched, and that patch is installed. The shape of this window depends on how many people can exploit this vulnerability, and how fast it is patched. What everyone wants is to make this window as small as possible." (p.1)
Critical Commentary
2000/09/15 : Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.
"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a product, it creates what I call a window of exposure. This window exists until the vulnerability is patched, and that patch is installed. The shape of this window depends on how many people can exploit this vulnerability, and how fast it is patched. What everyone wants is to make this window as small as possible." (p.1)
This article is part of the Schneier Publications Bundle