2005/12/07 : Andrew Cencini, Kevin Yu, Tony Chan write upon the different choices of vulnerability disclosures.
"When a software vulnerability is discovered by a third party, the complex question of who, what and when to tell about such a vulnerability arises. Information about software vulnerabilities, when released broadly, can compel software vendors into action to quickly produce a fix for such flaws; however, this same information can amplify risks to software users, and empower those with bad intentions to exploit vulnerabilities before they can be patched. This paper provides an analysis of the current state of affairs in the world of software vulnerabilities, various techniques for disclosing these vulnerabilities, and the costs, benefits and risks associated with each approach."
Critical Commentary
2005/12/07 : Andrew Cencini, Kevin Yu, Tony Chan write upon the different choices of vulnerability disclosures.
"When a software vulnerability is discovered by a third party, the complex question of who, what and when to tell about such a vulnerability arises. Information about software vulnerabilities, when released broadly, can compel software vendors into action to quickly produce a fix for such flaws; however, this same information can amplify risks to software users, and empower those with bad intentions to exploit vulnerabilities before they can be patched. This paper provides an analysis of the current state of affairs in the world of software vulnerabilities, various techniques for disclosing these vulnerabilities, and the costs, benefits and risks associated with each approach."