Full Disclosure mailing list archives
Re: "responsible disclosure" explanation (an example of the fallacy of idealistic thought)
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 11 Aug 2005 19:15:27 +0200
* Matthew Murphy:
Let me just define "responsible disclosure" first of all, so as to dissociate myself from the lunatic lawyers of certain corporations (Cisco, HP, ISS, et al) who define "responsible disclosure" as "non-disclosure". The generally accepted definition of responsible disclosure is simply allowing vendors advance notification to fix vulnerabilities in their products before information describing such vulnerabilities is released.
Back in 2001, this was called "full disclosure", see: <http://www.wiretrip.net/rfp/policy.html>
(The document is probably even older, use archive.org to find out.)
In retrospect, "responsible disclosure" was always more a marketing term than anything else (just like "blended threat"). The implicit message that other disclosure processes were irresponsible was invaluable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/