vulnerability disclosure debate

How do we define Responsible Disclosure? - Shepherd

2003/04/22 : Stephen A. Shepherd defines what responsible disclosure is and summarizes the history of vulnerability disclosure up to that point.

Exploit Code on Trial (Poulsen paper)

2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...

Motives of Code Red Bug Hunters Questioned (PC World paper)

2001/09/07 : Kim Zetter explains how the full disclosure debate started again with "Code Red's astonishing success".

Information Anarchy: The Blame Game? - Edwards' reaction to Culp's essay

2001/10/23 : Edwards analyses Culp's essay on information anarchy.

"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...

THE PRICE OF RESTRICTING VULNERABILITY PUBLICATIONS (Granick Article)

2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...

Schneier - Crypto-Gram September 15, 2000

2000/09/15 : Schneier published his monthly newsletter, in which he explains his opinion on the full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...

Anti-hacking method of full disclosure under attack from a part of the security industry - McClure and Scambray

2000 : The authors explain their view in favour of full disclosure and its aim of educating people. They also give their opinion on the downsides of full disclosure.
"The only rational solution is to make the script kiddies responsible for their actions, as we do with all criminals
...

AntiSec Policy

Here is the Anti-sec policy described by one of the members of the movement.

This artifact is part of the Anti-Sec movement Bundle.

Culp - It's time to end information anarchy

2001/10 : Scott Culp, who founded MSRC (Microsoft Security Response Center), wrote an influential paper after a series of attacks (viruses and worms) from February to September 2001. At that time, the irritation against hackers and full disclosure had already been calm for months.

Culp...

The realities of Disclosure : Morgenstern and Parker on Christey and Wysopal failure

2002/07/12 : Michael Morgenstern and Tom Parker point out the failure of Christey and Wysopal's effort to put in place common measures for responsible disclosure.

"Unfortunately, Steve Christey and Chris Wysopal's RFC of February...

Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

1998-1999 : Birth of the anti-Sec movement.

"We are the Ant-Sec movement, and we are dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics."

This artifact is part of the ...
