In recent posts we have been discussing full disclosure. Some of you may or may not know what full disclosure really is. Full disclosure is basically the act of making information public. In terms of exploits, this means that the method, and sometimes even the patch, is disclosed.

I for one think that full disclosure is a necessary thing. Yes, it can create issues, but what has been shown in the past is that companies will fix the problem a lot sooner after a full disclosure post has been made than when one is not. The general consensus is to contact the vendor and give them a reasonable amount of time to address the problem and fix it before making the vulnerability public.

I think that is a very good practice. The problem is that a lot of the time the companies will not get back to you in the time frame in which you requested. Releasing the exploit/vulnerability into the wild under full disclosure certainly seems to speed the process up. The downside, however, is obviously that the exploit is in the wild, which will affect more users for a short period of time. The benefit, however, is that the patch will be made all the quicker.

So what are your thoughts on full disclosure?
