full disclosure

Three Minutes With Security Expert Bruce Schneier (PCWorld paper)

2001/09/28 : Kim Zetter interviews Bruce Schneier on his opinion about full disclosure.

This artifact is part of the Schneier publications Bundle.Read more

ACM: Digital Library: Computers and Society - Bollinger paper

2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.

"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)

This artifact...Read more

Do security holes demand full disclosure? - Pond answer to Ranum's Keynote

2000/07/26 : Ranum beggan a big debate with his keynote speech of the US Black Hat conference in Las Vegas, in 2000. Here is Weld Pond answer to it.

This artifact is part of the Bundle...Read more

Schneier - Crypto-Gram September 15, 2000

2000/09/15 :  Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...Read more

Into the Breach - Ferdin

1998/04/04 : Pamela Ferdin explains what is the L0pht.

This artifact is part of the L0pht Bundle.Read more

How do we define Responsible Disclosure? - Shepherd

2003/04/22 : Stephen A. Shepherd define what is responsible disclosure and make a summary of vulnerability disclosure history at this stage.Read more

Improving the Security of Your Site by Breaking Into it

1993/12/02 : Dan Farmer and Wietse Venema published this paper about improving the security of websites by breaking into it.

By this publication, authors wished they "can increase security by raising awareness."(p.16-17)

They also explain the...Read more

Software Vulnerabilities: Full-, Responsible-, and Non-Disclosure - (Cencini, Yu and Chan publication)

2005/12/07 : Andrew Cencini, Kevin Yu, Tony Chan write upon the different choices of vulnerability disclosures.

"When a software vulnerability is discovered by a third party, the complex question of who, what...Read more

Full Disclosure of Vulnerabilities – pros/cons and fake arguments (Vidstrom paper)

2002/04/08 : Arne Vidstrom points a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.

This artifact is part of the Culp debate Bundle.Read more

Full Disclosure is a necessary evil - Elias Levy

2001/08/15 : Elias Levy continues the full disclosure debate.Read more

A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)

2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more

Subscribe to full disclosure