Re: [Full-disclosure] "responsible disclosure" explanation (an example of the fallacy of idealistic thought)

From: Jason Coombs (jasonc_at_science.org)
Date: 08/11/05

    To: "Florian Weimer" <fw@deneb.enyo.de>
    To: full-disclosure-bounces@lists.grok.org.uk
    To: "Matthew Murphy" <mattmurphy@kc.rr.com>
    Date: Thu, 11 Aug 2005 18:04:35 +0000 GMT
    
    
    

    Florian Weimer wrote:
    > The implicit message that other
    > disclosure processes were
    > irresponsible was invaluable.

    Invaluable; adjective

    'Valuable beyond estimation. Priceless.'

    http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=invaluable

    You've got that right. It has proved invaluable to marketing efforts, lobbyist campaigns to get new legislation enacted, and disinformation spread by self-interested bad people.

    (I know you're not one of them)

    Sincerely,

    Jason Coombs
    jasonc@science.org

    “A Trojan is malicious code that gives an attacker future unauthorized access to a computer or its data. Nobody with common sense refers to spyware as Trojans.”

    -----Original Message-----
    From: Florian Weimer <fw@deneb.enyo.de>
    Date: Thu, 11 Aug 2005 19:15:27
    To:Matthew Murphy <mattmurphy@kc.rr.com>
    Cc:full-disclosure@lists.grok.org.uk
    Subject: Re: [Full-disclosure] "responsible disclosure" explanation (an
            example of the fallacy of idealistic thought)

    * Matthew Murphy:

    > Let me just define "responsible disclosure" first of all, so as to
    > dissociate myself from the lunatic lawyers of certain corporations
    > (Cisco, HP, ISS, et al) who define "responsible disclosure" as
    > "non-disclosure". The generally accepted definition of responsible
    > disclosure is simply allowing vendors advance notification to fix
    > vulnerabilities in their products before information describing such
    > vulnerabilities is released.

    Back in 2001, this was called "full disclosure", see:

      <http://www.wiretrip.net/rfp/policy.html>

    (The document is probably even older, use archive.org to find out.)

    In retrospect, "responsible disclosure" was always more a marketing
    term than anything else (just like "blended threat"). The implicit
    message that other disclosure processes were irresponsible was
    invaluable.
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    
    


