OpenBSD Journal

Full Disclosure and the Window of Exposure

Contributed by Dengue on from the bruce.schneier dept.

Bruce Schneier's excellent CryptoGram newsletter this month features: Full Disclosure and the Window of Exposure, a discussion of the arguments and philosophies present in the never-ending disclosure debate.

Oops, didn't look close enough, this is from the September CryptoGram. Look here for October's CryptoGram.

(Comments are closed)

  1. By saad () on

    The cryptogram newsletter you are speaking about is dated Sept, 2000! This month's cryptogram newsletter hasn't been published yet (or so it seems).

  2. By Noryungi () n o r y u n g i @ y a h o o . c o m on

    is this one .

    The above link is Schneier's answer to M$ Scott Culp's attack on full disclosure. Hope this helps!

  3. By skoll crohshah () ~@! on mailto:~@!

    Bruce's article just rehashes what is known: that there is a window of vulnerability from discovery to patching. He reiterates his philosophy of "transcending the patch cycle", which he espouses better in other newsletters. He plugs his own company as the extension of that philosophy, so I guess we can all purchase his monitoring service for our home DSL/Cable based LANs.

    It's a pretty unspectacular little piece.

    A more insightful piece might have gone into the strategic significance of why closed-source companies are now bashing the full-disclosure with vigor (i.e. the repeated black eyes they are getting, and will continue to get), the probability of success using legal means as the extension of their PR campaigns to "outlaw" full disclosure (as seems likely), and so on.

