Talk:Full disclosure

From Wikipedia, the free encyclopedia

This entry is nominally correct, but it hardly takes into account both sides of the story. Life is much more complex than the simplistic binary choice which is presented in this entry (basically the two choices are presented as anti-social and misguided vs. just the way we know it must be done).

There as yet has been very little research done on what level or process of vulnerability dissemination provides the optimum benefit to society.

Anyone claiming to know a single answer that suffices for all instances should be prepared to substantiate the reasons.

It's also unfortunate that this particular article doesn't actually provide more information on the locksmiths' debate from the 19th century. It is alluded to, but not discussed. Traditionally, the locksmiths have been against disclosure, not for it.

Well, the full-disclosure movement in internet security really took off in the early 1990s with the creation of the Bugtraq mailing list, in response to several holes that were being actively, and widely, exploited. It was hotly debated at that time. This gives a pretty good example, and it may be possible to dig up some links to mailing list archives with good quotes... - Jmason 19:03, 1 August 2005 (UTC)

Suggest move to Full disclosure (computer security)

Full disclosure also has a meaning within journalism.

I've already created the Full disclosure (journalism) stub. I suggest this page be moved to Full disclosure (computer security) and full disclosure become a disambiguation page.

Disagreement with one sentence

"However, this argument assumes that without disclosure such tools and attacks would not have occurred."

I don't believe that is accurate. The argument is that releasing detailed information and/or working exploit code makes a malicious person aware of a vulnerability they were not previously aware of, as well as giving them the method to exploit it immediately.

The flaw may or may not have been exploited by someone privately. The point is that now everyone knows about it, including more people who will want to exploit it.