Q&A: Responsible disclosure of vendor flaws and what it means
o some, vulnerability researchers such as H.D. Moore are knights in shining armor for their efforts to discover security flaws in software products. Since launching the controversial Metasploit Project in 2003, H.D. Moore and a group of independent bug hunters have publicly posted information that makes it easier to develop and test code that can be used to attack software vulnerabilities. Earlier this year, he began a Month of Browser Bugs campaign during which he promised to disclose one browser flaw a day for an entire month.
[ Read more ]