vulnerability disclosure debate

Schneier publications

Schneier - Crypto-Gram August 15, 1999
Schneier - Crypto-gram January 15, 2000
Schneier - Crypto-Gram February 15, 2000
Schneier - Cypto-Gram July 15, 2000
Schneier Keynote Speech at the US Black Hat Conference
Schneier - Crypto-Gram September 15, 2000
Three Minutes With Security Expert Bruce Schneier (PCWorld paper)
Schneier - Crypto-Gram November 15, 2001
Schneier - Crypto-Gram March 15, 2002
Schneier - Crypto-Gram February 15, 2003
Bug Bounty Programs Are Being Used to Buy Silence - Schneier Post
White-Hat Hate Crimes on the Rise (Wired Paper)

2001 : "A group of black-hat hackers, in a campaign called "Project Mayhem," have declared war on white-hat hackers who've gone to work for security firms."
The 'Project Mayhem' is the battle declaration of full-disclosure against anti-sec.Read more

Information Anarchy: The Blame Game? - Edwards reaction on Culp essay

2001/10/23 : Edwards analyses Culp essay on information anarchy.

"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...Read more

THE PRICE OF RESTRICTING VULNERABILITY PUBLICATIONS (Granick Article)

2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...Read more

How do we define Responsible Disclosure? - Shepherd

2003/04/22 : Stephen A. Shepherd define what is responsible disclosure and make a summary of vulnerability disclosure history at this stage.Read more

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

Black Hat 2000 - Ranum and Granick VS Rausch and Amhed

April 2000, at the Black Hat Conference (Singapour) took place a debate with Ranum and Granick against Rausch and Amhed.Read more
Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt

2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :

"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...Read more

A Step Towards Information Anarchy: A Call To Arms - hellNbak

2001 : Hellnbak proposes to enter the war against Culp's idea to "end information anarchy". Regarding to him, security should not be a question of calm business but more about safe and well-informed public.

This artifact is part of the ...Read more

Three Minutes With Security Expert Bruce Schneier (PCWorld paper)

2001/09/28 : Kim Zetter interviews Bruce Schneier on his opinion about full disclosure.

This artifact is part of the Schneier publications Bundle.Read more

Schneier - Crypto-Gram September 15, 2000

2000/09/15 :  Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...Read more

Ranum Keynote Slides (Black Hat Conference 2000)

2000/07/26 : Here are the slides of Ranum keynote at the US Black Hat conference.

Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...Read more

Subscribe to vulnerability disclosure debate
Need help with PECE?
Join the PECE Slack channel