[ISN] Microsoft's Responsible Vulnerability Discosure, The New Non-Issue

From: InfoSec News (isnat_private)
Date: Mon Nov 12 2001 - 01:43:17 PST

  • Next message: InfoSec News: "[ISN] The Public Response To Terrorism"

    Forwarded from: security curmudgeon <jerichoat_private>
    Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue
    Sat Nov 10 03:00:48 MST 2001
    by Jericho (security curmudgeon)
    For almost a decade, a debate over the concept of Full Disclosure has
    reared its ugly head. Carried out on BBSs, newsgroups, security
    conferences, mail lists, parties, coffee shops and everywhere else,
    the Full Disclosure debate can be called "long standing" to say the
    least. As with everything in the computer industry before, Microsoft
    is doing nothing new here. Like many times before, Microsoft is
    re-inventing the wheel and opting for something other than round.
    The debate and issues at hand are complex and go back a long way.
    Short of writing a small book, I can't address every issue I would
    like to. The following article addresses some of the bigger issues.
    (please see the HTML copy for the full article and snazzy images!)
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 03:52:04 PST