Difference between revisions of "Full vs. Responsible Disclosure of Vulnerabilities"
From CyberSecurity
m |
m |
||
| Line 2: | Line 2: | ||
| − | + | * What are software/hardware vulnerabilities? | |
| − | + | * Why should we disclose the vulnerabilities? | |
| − | + | * What peoples discover the vulnerabilities? | |
| − | * | + | * What peoples take the advantage of vulnerabilities? |
| − | + | * Once people discover vulnerabilities, how much should they disclose (full/partial)? Who should they disclose to (public/academic/manufacturer-only)? When should they disclose? | |
| − | ** | + | * What constitute a responsible disclosure? |
| + | * Does “Open Source” necessarily mean full disclosure? | ||
| + | * Comparing the disclosure of vulnerabilities to other non-cyber subjects, i.e. health, environment | ||
| + | * Should we have a public committee to manage/control the info of vulnerabilities? | ||
Revision as of 20:56, 11 November 2005
http://en.wikipedia.org/wiki/Full_disclosure
- What are software/hardware vulnerabilities?
- Why should we disclose the vulnerabilities?
- What peoples discover the vulnerabilities?
- What peoples take the advantage of vulnerabilities?
- Once people discover vulnerabilities, how much should they disclose (full/partial)? Who should they disclose to (public/academic/manufacturer-only)? When should they disclose?
- What constitute a responsible disclosure?
- Does “Open Source” necessarily mean full disclosure?
- Comparing the disclosure of vulnerabilities to other non-cyber subjects, i.e. health, environment
- Should we have a public committee to manage/control the info of vulnerabilities?
