Full disclosure is the only responsible sort of disclosure.

Apple, like Microsoft, has the tendency to sweep things under the rug when they feel it is unlikely the situation will become public. The only way to correct this behavior is to release what you find to the public, and as fast as possible.



Hmmm, surely 'Responsible Disclosure'[1] is the only responsible sort of disclosure - so named because it is, er, responsible.

[1] - http://en.wikipedia.org/wiki/Responsible_disclosure

TL;DR of the above link: "[responsible disclosure] is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details"


It should be noted that anyone can edit Wikipedia, and this pejorative term has fortunately been rejected by researchers and vendors alike. Even by Microsoft: http://www.theregister.co.uk/2010/07/22/microsoft_coordinate...

I've pasted some other definitions of "responsible disclosure" in a different reply.


Just because they call it "responsible disclosure" doesn't mean it is responsible.

I can call myself a shark. That doesn't make it so.
