cybersecurity market

Anti-hacking method of full disclosure under attack from a part of the security industry - McClure and Scambray

2000 : The authors explain their view pro full disclosure and its aim of educating people. They add their opinion on the bad sides of full disclosure.
"The only rational solution is to make the script kiddies responsible for their actions, as we do with all criminals
...Read more

Schneier - Crypto-Gram March 15, 2002

2002/03/15 : Schneier published his monthly newsletter.
Schneier gives this time a summary of the vulnerabilitiy disclosure actual issues.

"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the...Read more

Security in an Open Electronic Society - Levy reaction on Culp essay

2001/10/21 : Levy gives his point of view on Culp essay : "It appears Culp is more comfortable with an 'information dictatorship' or 'information oligarchy' model, and has entirely missed the fact that the movie house ...Read more

ENISA Report - Economics of Vulnerability Disclosure

2018/12 : ENISA (European Union Agency for Cybersecurity) release its Economics of Vulnerability Disclosure Report.

"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited....Read more

Peace of Mind Through Integrity and Insight - Manzuik reaction on Culp essay

2001/10/17 : "Code Red, Nimda and a few of the more recent worms were made possible not by the research that discovered the vulnerability they exploited but by the lack of awareness and training by system administrators who did not patch their systems." (p.1-2)

This artifact is part of...Read more

Security woes: Who is to blame? - Culp interview

2001/11/08 : Robert Lemos interviewed Scott Culp for CNET News.

"The essay is not calling for people to refrain from looking for security vulnerabilities, to stop reporting them to the vendors, to stop telling customers about them. We don't want to change any of that. The only thing that...Read more

A Step Towards Information Anarchy: A Call To Arms - hellNbak

2001 : Hellnbak proposes to enter the war against Culp's idea to "end information anarchy". Regarding to him, security should not be a question of calm business but more about safe and well-informed public.

This artifact is part of the ...Read more

Information Anarchy: The Blame Game? - Edwards reaction on Culp essay

2001/10/23 : Edwards analyses Culp essay on information anarchy.

"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...Read more

Keeping Security Issues in the Open - Davies reaction on Culp essay

2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more

ACM: Digital Library: Computers and Society - Bollinger paper

2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.

"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)

This artifact...Read more

No more free bugs for software vendors (Fisher paper)

2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.

"It appears that the free ride is over for software vendors."Read more

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

Subscribe to cybersecurity market