vulnerability disclosure debate

AntiSecurity Presentation

Here is the presentation of the AntiSecurity movement. 

This artifact is part of the Anti-Sec movement Bundle.Read more

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

NEOHAPSIS - LeBlanc reaction on Culp essay

2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp. 

"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more

MS says stop discussing hack exploits - Leyden paper

2001/10/18 : Leyden explains Culp essay.

This artifact is part of the Culp debate Bundle.Read more

Schneier - Crypto-Gram February 15, 2003

2003/02/15 : Schneier published his monthly newsletter.
He talks this time on Locksmiths.

"This position ignores the fact that public scrutiny is the only reliable way to improve security....Read more

Security Through Obscurity Considered Dangerous - Bellovin and Bush

2002/02/28 : Steven M. Bellovin and Randy Bush shows the utility of obscurity and open discussions on vulnerabilities. Read more

Do security holes demand full disclosure? - Pond answer to Ranum's Keynote

2000/07/26 : Ranum beggan a big debate with his keynote speech of the US Black Hat conference in Las Vegas, in 2000. Here is Weld Pond answer to it.

This artifact is part of the Bundle...Read more

Keeping Security Issues in the Open - Davies reaction on Culp essay

2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more

Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue

2001/11/10 : Jericho writes upon the full disclosure debate. 

This artifact is part of the Culp debate Bundle.Read more

"MS throttles research to conceal SW bugs" (Greene paper)

2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.

"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more

Peace of Mind Through Integrity and Insight - Manzuik reaction on Culp essay

2001/10/17 : "Code Red, Nimda and a few of the more recent worms were made possible not by the research that discovered the vulnerability they exploited but by the lack of awareness and training by system administrators who did not patch their systems." (p.1-2)

This artifact is part of...Read more

Culp Debate

Culp - It's time to end information anarchy
A Step Towards Information Anarchy: A Call To Arms - hellNbak
Information Anarchy: The Blame Game? - Edwards reaction on Culp essay
Security in an Open Electronic Society - Levy reaction on Culp essay
Peace of Mind Through Integrity and Insight - Manzuik reaction on Culp essay
Keeping Security Issues in the Open - Davies reaction on Culp essay
NEOHAPSIS - LeBlanc reaction on Culp essay
Security woes: Who is to blame? - Culp interview
MS says stop discussing hack exploits - Leyden paper
ACM: Digital Library: Computers and Society - Bollinger paper
Full Disclosure of Vulnerabilities – pros/cons and fake arguments (Vidstrom paper)
Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue
Subscribe to vulnerability disclosure debate
Need help with PECE?
Join the PECE Slack channel