2002/03/01 : Michael Morgenstern, Tom Parker and Scott Hardy write about vulnerability disclosure debate occuring since one year. They assume "it's time to be responsible".
"Over the last 12 months various computer-using groups have been intensely debating the...Read more
2000/07/26 : Ranum beggan a big debate with his keynote speech of the US Black Hat conference in Las Vegas, in 2000. Here is Weld Pond answer to it.
This artifact is part of the Bundle...Read more
2002/02/28 : Steven M. Bellovin and Randy Bush shows the utility of obscurity and open discussions on vulnerabilities. Read more
Here is the Anti-sec policy described by one of the members of the movement.
This artifact is part of the Anti-Sec movement Bundle.Read more
2001/10/23 : Edwards analyses Culp essay on information anarchy.
"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...Read more
2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...Read more
2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening.
"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more
2000/01/15 - Schneier Crypto-Gram newsletter :
nCypher publically disclosed SSL private key vulnerabilities to sell their solution to fix the flaw. Schneier writes here his opinion against this practice.
This article is part of the...Read more
2000/07/26 : Here are the slides of Ranum keynote at the US Black Hat conference.
Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...Read more
2001/08/15 : Elias Levy continues the full disclosure debate.Read more
2001/11/02 : On this paper, Thomas C. Greene expresses his opinion against Microsoft's way of handling vulnerability disclosure.
"We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its...Read more