Ingevaldson, Dan (ISS Atlanta) wrote:
What would the results look like if you asked a loaded question that
leaned in the other direction?
Should software vendors disclose information about software
vulnerabilities to the global hacking community at the same time as all
their customers who haven't
Which adds to the full disclosure debate a resounding, disclose asap. And
shows that many in the industry feel this is needed to not only address
issues in their envs as quickly as possible to mitigate problems until a
fix/poatch is available, but, that most feel dicslosure puts the pressure
on
PROTECTED] On Behalf Of Ron
DuFresne
Sent: Thursday, July 08, 2004 12:04 PM
To: Steven M. Christey
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Information Week: 2/3 of pros want
immediate disclosure
Which adds to the full disclosure debate a resounding, disclose asap.
And shows that many
Information Week just posted an article titled Disclosure: Security
Pros Want Flaw Information Sooner in which they surveyed 7,000
business technogology and security professionals. 66% argued for
immediate disclosure upon discovery, and another 32% wanted disclosure
once a patch was available,
