Slashdot Mirror


Freedom of Information Act vs Homeland Security

psyki writes "Should vulnerabilities in our public infrastructure be handled like vulnerabilities in computer security? Wired has an interesting article about the state of the Freedom of Information Act, particularly how it is becoming increasingly difficult to obtain documents from reluctant agencies in the security-conscious post-Sept 11 era. What really made me think, however, was this line: "While keeping information about security vulnerabilities out of terrorists' hands is a legitimate goal, McMasters believes the government is taking secrecy a step too far. In the end, he said, communities would be safer and better able to plan for their own protection if they were aware of potential security holes in power plants, airport terminals or other facilities." Sounds an awful lot like the raging debate in the computer security community regarding publicizing vulnerabilities."


  1. Re:I'm not so sure... by gilroy · Score: 2, Informative
    Blockquoth the poster:

    But we're not just talking about software here. And there is no question that when an exploit is published that some individuals will take advantage of it.

    Ahhg, I hate these complex ethical questions. In dealing with physical structures, we have to remember that you can't just issue a patch for a bridge or a tunnel. Budgetary, engineering, or other concerns might well prevent you from repairing a flaw even if it's out there. Plus, of course, physical structures are not likely to benefit from the "many eyeballs" effect: With source code, you check it because, after all, you will be using it. For a bridge or tunnel or power plant, that motivation is much removed.