Tag: Vulnerability Disclosure

Microsoft’s Responsible Vulnerability Disclosure, The New Non-Issue

[This was originally published on attrition.org] For almost a decade, a debate over the concept of Full Disclosure has reared its ugly head. Carried out on BBSs, newsgroups, security conferences, mail lists, parties, coffee shops and everywhere else, the Full Disclosure debate can be called “long standing” to say the least. As with everything in the computer…

November 10, 2001
Cashing in on Vaporware

“The CERT Coordination Center is a center of Internet security expertise“, and they have a new product to sell you. Only it isn’t really new – and it was never a stellar product to begin with. For years, CERT has been a federally funded group handling incident response, vulnerability analysis and published security alerts. They…

April 19, 2001
Full Disclosure – Effective or Excuse?

[This was originally published on attrition.org.] A comprehensive look at the practice of Full Disclosure, problems associated with it for vendors and security companies, and examples of full disclosure put to the test. (3300 words) The world of computer security has developed a wicked game of politically correct ‘cat and mouse’. This game is played…

April 27, 2000