http://insecure.org/news/fulldisclosure/
March 25, 2014
Like many of us in the security community, I (Fyodor) was shocked last
week by John Cartwright's abrupt termination of the Full Disclosure list
which he and Len Rose created way back in July 2002. It was a great
12-year run, with more than 91,500 posts during John's tenure. During that
time he fought off numerous trolls, DoS attacks, spammers, and legal
threats from angry vendors and researchers alike. John truly deserves our
appreciation and thanks for sticking with it so long!
Some have argued that we no longer need a Full Disclosure list, or even
that mailing lists as a concept are obsolete. They say researchers should
just Tweet out links to advisories that can be hosted on Pastebin or
company sites. I disagree. Mailing lists create a much more permanent
record and their decentralized nature makes them harder to censor or
quietly alter in the future. Jericho from OSVDB and Attrition elaborates
further in this great post.
Upon hearing the bad news, I immediately wrote to John offering help. He
said he was through with the list, but suggested: “you don't need me. If
you want to start a replacement, go for it.” After some soul searching
about how much I personally miss the list (despite all its flaws), I've
decided to do so! I'm already quite familiar with handling legal threats
and removal demands (usually by ignoring them) since I run Seclists.org,
which has long been the most popular archive for Full Disclosure and many
other great security lists. I already maintain mail servers and Mailman
software because I run various other large lists including Nmap Dev and
Nmap Announce.
[...]
--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
