This article is rated Start-class on Wikipedia's content assessment scale.
This entry is nominally correct, but it hardly takes into account both sides of the story. Life is much more complex than the simplistic binary choice which is presented in this entry (basically the two choices are presented as anti-social and misguided vs. just the way we know it must be done).
There as yet has been very little research done on what level or process of vulnerability dissemination provides the optimum benefit to society.
Anyone claiming to know a single answer that suffices for all instances should be prepared to substantiate the reasons.
It's also unfortunate that this particular article doesn't actually provide more information on the locksmith's debate from the 19th century. It is alluded to, but not discussed. Traditionally, the locksmiths have been against disclosure, not for it. —Preceding unsigned comment added by 139.149.1.194 ( talk • contribs) 04:29, 8 April 2003 (UTC)
Well, the full-disclosure movement in internet security really took off in the early 1990s with the creation of the bugtraq mailing list, in response to several holes that were being actively, and widely, exploited. It was hotly debated at that time. This gives a pretty good example, and it may be possible to dig up some links to mailing list archives with good quotes... - Jmason 19:03, 1 August 2005 (UTC)
Full disclosure also has a meaning within journalism.
I've already created the Full disclosure (journalism) stub. I suggest this page be moved to Full disclosure (computer security) and full disclosure become a disambiguation page. —Preceding unsigned comment added by Ben@liddicott.com ( talk • contribs) 10:37, 1 October 2004 (UTC)
"However, this argument assumes that without disclosure such tools and attacks would not have occurred."
I don't believe that is accurate. The argument is that releasing detailed information and/or working exploit code makes a malicious person aware of a vulnerability they were not previously aware of, as well as giving them the method to exploit it immediately. —Preceding unsigned comment added by 65.5.246.150 ( talk • contribs) 00:24, 7 September 2006 (UTC)
The flaw may or may not have been exploited by someone privately. The point is that now everyone knows about it, including more people who will want to exploit it. —Preceding unsigned comment added by 65.5.246.150 ( talk • contribs) 00:27, 7 September 2006 (UTC)
A section discussing vulnerability brokers would probably make a good addition. Noloader ( talk) 03:39, 30 August 2010 (UTC)
The result of the move request was: Moved. EdJohnston ( talk) 01:26, 1 April 2014 (UTC)
– "Full disclosure" is a generic term widely used in many domains including business, securities, journalism, politics. Its usage in computer security is marginal compared to these others. Joja lozzo 16:52, 24 March 2014 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on Full disclosure (computer security). Please take a moment to review my edit. You may add {{cbignore}} after the link to keep me from modifying it, if I keep adding bad data, but formatting bugs should be reported instead. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether, but should be used as a last resort. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).
Cheers.— cyberbot II Talk to my owner:Online 17:38, 29 March 2016 (UTC)
It looks like RFPolicy was the first policy of full disclosure, going back to 2001. Some are also mentioned in Talk:Responsible_disclosure#reference_to_idefence_and_other.
I think it would be good to have all these listed together in one place.