2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more
Here is the Anti-sec policy described by one of the members of the movement.
This artifact is part of the Anti-Sec movement Bundle.Read more
2002/07/12 : Michael Morgenstern and Tom Parker point to the failure of Christey and Wysopal's willingness to put in place common measures for responsible disclosure.
"Unfortunately, Steve Christey and Chris Wysopol's RFC of February...Read more
2001/10/02 : Jay Lyman writes into the NewsFactor Network about full disclosure debate.
Read more
2000/07/26 : Here are the slides of Ranum keynote at the US Black Hat conference.
Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...Read more
2002/03/01 : Michael Morgenstern, Tom Parker and Scott Hardy write about vulnerability disclosure debate occuring since one year. They assume "it's time to be responsible".
"Over the last 12 months various computer-using groups have been intensely debating the...Read more
2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :
"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...Read more
Here is the presentation of the AntiSecurity movement.
This artifact is part of the Anti-Sec movement Bundle.Read more
2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.
"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more
2001/10/21 : Levy gives his point of view on Culp essay : "It appears Culp is more comfortable with an 'information dictatorship' or 'information oligarchy' model, and has entirely missed the fact that the movie house ...Read more
2002/04/08 : Arne Vidstrom points a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.
This artifact is part of the Culp debate Bundle.Read more
2000/01/15 - Schneier Crypto-Gram newsletter :
nCypher publically disclosed SSL private key vulnerabilities to sell their solution to fix the flaw. Schneier writes here his opinion against this practice.
This article is part of the...Read more