Schneier On Full Disclosure
Bruce let me know that he's written a piece on ZDNet (the original home for the Window of Exposure idea is on Counterpane) about the problems of not following full disclosure. Very well written and does a great job of summarizing why full disclosure works. The original piece from Culp @ Microsoft is also available, along with the PowerPoint that they did.
Full disclosure may be good, but full exposure will get you thrown in jail!
"People that quote themselves in their signatures bother me" - athakur999
Everybody seems to like "Full Disclosure," so here at Microsoft, we've decided to begin releasing all security vulnerabilities under a "Shared Disclosure" policy. Once the various NDAs are signed, you too can view and work with any security vulnerabilities that we know about.
Just another example of how Microsoft listens to and responds to customer requests. Have a nice day!
If a tree fell on a florist, and nobody was around to hear it, would he make a noise?
When you see a fire in a crowded theatre, you:
(A) Shout "FIRE!" and get crushed in the panic.
(B) Walk out quietly...who cares about anyone else?
(C) Tell your closest neighbor and hope that they're a fireman.
(D) Pour on gasoline so everyone will get out faster.
Someone suggested that the Manhattan Project go to the United States Treasury and ask for silver.
Of course, this was before somebody suggested using Uranium and Plutonium. They gave the silver back because it wouldn't blow up. Uranium makes really lousy money on the other hand. It has a good weight, and it's a bit warm to the touch, giving it a nice feel in your hands. But it tended to cause tumors on the upper thigh, right where trousers' pockets are. So for the treasury and the war department, it was what you'd call a "win-win situation".
If tits were wings it'd be flying around.