Talk:Full disclosure (computer security)

This entry is nominally correct, but it hardly takes into account both sides of the story. Life is much more complex than the simplistic binary choice which is presented in this entry (basically the two choices are presented as anti-social and misguided vs. just the way we know it must be done).

There as yet has been very little research done on what level or process of vulnerability dissemination provides the optimum benefit to society.

Anyone claiming to know a single answer that suffices for all instances should be prepared to substantiate the reasons.

It's also unfortunate that this particular article doesn't actually provide more information on the locksmith's debate from the 19th century. It is alluded to, but not discussed. Traditionally, the locksmiths have been against disclosure, not for it. —Preceding unsigned comment added by 139.149.1.194 (talk • contribs) 04:29, 8 April 2003 (UTC)


 * ok so do i get money 2601:741:102:7AE0:BF25:3EA2:849A:C6C2 (talk) 23:49, 14 February 2023 (UTC)
 * yes or no 2601:741:102:7AE0:BF25:3EA2:849A:C6C2 (talk) 23:49, 14 February 2023 (UTC)

Well, the full-disclosure movement in internet security really took off in the early 1990s with the creation of the bugtraq mailing list, in response to several holes that were being actively, and widely, exploited. It was hotly debated at that time. This gives a pretty good example, and it may be possible to dig up some links to mailing list archives with good quotes... - Jmason 19:03, 1 August 2005 (UTC)

Suggest move to Full disclosure (computer security)
Full disclosure also has a meaning within journalism.

I've already created the Full disclosure (journalism) stub. I suggest this page be moved to Full disclosure (computer security) and full disclosure become a disambiguation page. —Preceding unsigned comment added by Ben@liddicott.com (talk • contribs) 10:37, 1 October 2004 (UTC)

Disagreement with one sentence
"However, this argument assumes that without disclosure such tools and attacks would not have occurred."

I don't believe that is accurate. The argument is that releasing detailed information and/or working exploit code makes a malicious person aware of a vulnerability they were not previously aware of, as well as giving them the method to exploit it immediately. —Preceding unsigned comment added by 65.5.246.150 (talk • contribs) 00:24, 7 September 2006 (UTC)

The flaw may or may not have been exploited by someone privately. The point is that now everyone knows about it, including more people who will want to exploit it. —Preceding unsigned comment added by 65.5.246.150 (talk • contribs) 00:27, 7 September 2006 (UTC)


 * In the future, you should sign your posts to avoid confusion. While I partly agree with your logic, I disagree with the overall point. You're assuming that the exploit code didn't exist pre-disclosure, which no one can say either way. If someone came to you and said "I know your password" - would you take the claim very seriously? You may or may not, and you may or may not change that password. If they came to you and told you WHAT your password was, you would be a lot more likely to change it as quickly as possible, right? That's the point here, it's entirely possible (and in some cases likely) that the code already exists - by releasing it, you're making it hard or impossible for the vendor to ignore the vulnerability. Eliwins (talk) 21:30, 20 October 2010 (UTC)

Vulnerability Brokers
A section discussing vulnerability brokers would probably make a good addition. Noloader (talk) 03:39, 30 August 2010 (UTC)

Requested move 24 March 2014

 * The following discussion is an archived discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review. No further edits should be made to this section. 

The result of the move request was: Moved. EdJohnston (talk) 01:26, 1 April 2014 (UTC)

– "Full disclosure" is a generic term widely used in many domains including business, securities, journalism, politics. It's usage in computer security is marginal compared to these others. Joja lozzo  16:52, 24 March 2014 (UTC)
 * Full disclosure → Full disclosure (computer security)
 * Full disclosure (disambiguation) → Full disclosure

Survey

 * Feel free to state your position on the renaming proposal by beginning a new line in this section with  or  , then sign your comment with  . Since polling is not a substitute for discussion, please explain your reasons, taking into account Wikipedia's policy on article titles.


 * Support per nom. One would think one of the legalistic meanings would be more primary -- 70.50.151.11 (talk) 05:58, 25 March 2014 (UTC)
 * Support per nom and per above. bd2412  T 16:27, 26 March 2014 (UTC)

Discussion

 * Any additional comments:
 * The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page or in a move review. No further edits should be made to this section.

External links modified
Hello fellow Wikipedians,

I have just added archive links to 1 one external link on Full disclosure (computer security). Please take a moment to review my edit. You may add after the link to keep me from modifying it, if I keep adding bad data, but formatting bugs should be reported instead. Alternatively, you can add to keep me off the page altogether, but should be used as a last resort. I made the following changes:
 * Attempted to fix sourcing for http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/noarch.asp

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.—cyberbot II  Talk to my owner :Online 17:38, 29 March 2016 (UTC)

More history
It looks that RFPolicy was the first policy of full disclosure, going back to 2001. Also some mentioned in Talk:Responsible_disclosure.

I think it would be good to have all these listed together in one place.

Grv87 (talk) 00:09, 22 March 2021 (UTC)