vulnerability disclosure debate

Anti-hacking method of full disclosure under attack from a part of the security industry - McClure and Scambray

2000 : The authors explain their view pro full disclosure and its aim of educating people. They add their opinion on the bad sides of full disclosure.
"The only rational solution is to make the script kiddies responsible for their actions, as we do with all criminals...Read more

Schneier - Crypto-Gram February 15, 2003

2003/02/15 : Schneier published his monthly newsletter.
He talks this time on Locksmiths.

"This position ignores the fact that public scrutiny is the only reliable way to improve security....Read more

Software Vulnerabilities: Full-, Responsible-, and Non-Disclosure - (Cencini, Yu and Chan publication)

2005/12/07 : Andrew Cencini, Kevin Yu, Tony Chan write upon the different choices of vulnerability disclosures.

"When a software vulnerability is discovered by a third party, the complex question of who, what...Read more

Black Hat 2000 - Ranum and Granick VS Rausch and Amhed

April 2000, at the Black Hat Conference (Singapour) took place a debate with Ranum and Granick against Rausch and Amhed.Read more
Three Minutes With Security Expert Bruce Schneier (PCWorld paper)

2001/09/28 : Kim Zetter interviews Bruce Schneier on his opinion about full disclosure.

This artifact is part of the Schneier publications Bundle.Read more

MS says stop discussing hack exploits - Leyden paper

2001/10/18 : Leyden explains Culp essay.

This artifact is part of the Culp debate Bundle.Read more

Keeping Security Issues in the Open - Davies reaction on Culp essay

2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more

Schneier - Crypto-Gram September 15, 2000

2000/09/15 :  Schneier published his monthly newsletter and explains here his opinion on full disclosure debate.

"What’s interesting is that everybody wants the same thing; they’re just disagreeing about the best way to get there.
When a security vulnerability exists in a...Read more

Ranum Keynote Slides (Black Hat Conference 2000)

2000/07/26 : Here are the slides of Ranum keynote at the US Black Hat conference.

Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...Read more

Full Disclosure is a necessary evil - Elias Levy

2001/08/15 : Elias Levy continues the full disclosure debate.Read more

AntiSec Policy

Here is the Anti-sec policy described by one of the members of the movement.

This artifact is part of the Anti-Sec movement Bundle.Read more

Security in an Open Electronic Society - Levy reaction on Culp essay

2001/10/21 : Levy gives his point of view on Culp essay : "It appears Culp is more comfortable with an 'information dictatorship' or 'information oligarchy' model, and has entirely missed the fact that the movie house ...Read more

Subscribe to vulnerability disclosure debate
Need help with PECE?
Join the PECE Slack channel