vulnerability disclosure debate

Schneier - Crypto-Gram September 15, 2000

2000/09/15 :  Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...Read more

Ranum Keynote Slides (Black Hat Conference 2000)

2000/07/26 : Here are the slides of Ranum keynote at the US Black Hat conference.

Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...Read more


1999/11 : Marcus Ranum and Jeremy Rausch wrote both on this special issue on Security. Did Jeremy Rausch wrote to respond  to Ranum’s article? The two article side-by-bside seems an editorial choice, was it an order of the journal ?

Between 1999...Read more

Security Through Obscurity Considered Dangerous - Bellovin and Bush

2002/02/28 : Steven M. Bellovin and Randy Bush shows the utility of obscurity and open discussions on vulnerabilities. Read more

Full Disclosure: How Much Security Info Is Too Much? (Lyman article)

2001/10/02 : Jay Lyman writes into the NewsFactor Network about full disclosure debate. 

Read more

Schneier - Crypto-gram January 15, 2000

2000/01/15 - Schneier Crypto-Gram newsletter :
nCypher publically disclosed SSL private key vulnerabilities to sell their solution to fix the flaw. Schneier writes here his opinion against this practice. 

This article is part of the...Read more

Motives of Code Red Bug Hunters Questioned (PC World paper)

2001/09/07 : Kim Zetter explains how full disclosure debate starts again with the "Code Red's astonishing success".Read more

Schneier - Crypto-Gram February 15, 2003

2003/02/15 : Schneier published his monthly newsletter.
He talks this time on Locksmiths.

"This position ignores the fact that public scrutiny is the only reliable way to improve security....Read more

Security woes: Who is to blame? - Culp interview

2001/11/08 : Robert Lemos interviewed Scott Culp for CNET News.

"The essay is not calling for people to refrain from looking for security vulnerabilities, to stop reporting them to the vendors, to stop telling customers about them. We don't want to change any of that. The only thing that...Read more

Ant-Sec - We are going to terminate and - New Apache 0-day exploit uncovered

1998-1999 : Birth of the anti-Sec movement.

"We are the Ant-Sec movement, and we are dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics."

This artifact is part of the ...Read more

Subscribe to vulnerability disclosure debate