What do you think about the full disclosure of vulnerabilities?
I am in favor of it. Only by studying past failures can we mitigate future ones. Of course, this requires an environment where people may learn and apply the past lessons. I do think that the discoverers of a vulnerability should notify vendors discreetly before posting details. The key point should be getting the vulnerability fixed and systems patched, not about giving script kiddies another exploit.
What are your plans for the future? Any exciting new projects?
I am currently enjoying the celebrity lifestyle of a security author. :) My current project is to spend time with those close to me.