vulnerability disclosure debate

Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue

2001/11/10 : Jericho writes upon the full disclosure debate. 

This artifact is part of the Culp debate Bundle.Read more

Schneier - Crypto-Gram September 15, 2000

2000/09/15 :  Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...Read more

Anti-Sec Movement

Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered
AntiSecurity Presentation
AntiSec Policy
ImageShack hacked in oddball security protest (anti-sec movement)
AntiSec Policy

Here is the Anti-sec policy described by one of the members of the movement.

This artifact is part of the Anti-Sec movement Bundle.Read more

A Step Towards Information Anarchy: A Call To Arms - hellNbak

2001 : Hellnbak proposes to enter the war against Culp's idea to "end information anarchy". Regarding to him, security should not be a question of calm business but more about safe and well-informed public.

This artifact is part of the ...Read more

"MS throttles research to conceal SW bugs" (Greene paper)

2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.

"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more

Microsoft Reveals Anti-Disclosure Plan (Poulsen paper)

2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening. 

"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more

Ranum Keynote speech at the US Black Hat conference

https://www.youtube.com/watch?v=g93ofG4OYJU
;LOGIN: SPECIAL ISSUE ON SECURITY

1999/11 : Marcus Ranum and Jeremy Rausch wrote both on this special issue on Security. Did Jeremy Rausch wrote to respond  to Ranum’s article? The two article side-by-bside seems an editorial choice, was it an order of the journal ?

Between 1999...Read more

IETF

Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt
'Responsible Disclosure' Draft Could Have Legal Muscle - Rasch on Christey and Wysopal draft
Schneier - Crypto-Gram March 15, 2002
The realities of Disclosure : Morgenstern and Parker on Christey and Wysopal failure
Interview with Elias Levy (Bugtraq)

2000/10 : Interview with Elias Levy (Bugtraq). He explains his opinion on full disclosure. 

"Corporations only purpose is to generate money. Software vendors will only "take security seriously" when their customers do. Until then they have no incentive to...Read more

NEOHAPSIS - LeBlanc reaction on Culp essay

2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp. 

"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more

Subscribe to vulnerability disclosure debate
Need help with PECE?
Join the PECE Slack channel