Full Disclosure mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Simon Richter)
Date: Thu, 11 Jul 2002 13:42:16 +0200 (CEST)
Hi,
We are pleased to announce the creation of a new security mailing list dedicated to FULL DISCLOSURE. When Scott Chasin handed over the bugtraq mailing list, it was clearly dedicated to the immediate and full dissemination of security issues. The current bugtraq mailing list has changed over the years, and some of us feel it has changed for the worse.
To me, the term "full disclosure" does not mean "make it available as fast as possible", but rather "here is the information, expect it to leak in the next two weeks, so go out and fix the bug". The current bugtraq scheme enforces that, and I believe they are doing a great job.

By creating a forum in which vulnerability spotters can get "instant fame", you are forcing software vendors to monitor the forum 24/7, as a new vulnerability in their software could be disclosed anytime, and at the moment it is disclosed, script kiddies are hacking it into their scanners while it could be 4 am in the vendor's timezone. If we are lucky enough that the vulnerability is spotted by a whitehat, we should not jeopardize the time advantage we have by announcing it publicly.

In short, I think this is a bad idea because it adds confusion for the vulnerability spotters, risks early disclosure before fixes are available and thus harms the users.

Simon

--
GPG public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4