The vulnerability disclosure game: are we more secure?
Can we speak frankly about "vulnerability disclosure" now? Can we, please? Itís long past time. More than a decade into the process, can anyone say security has improved?
Back in the mid-1990s, when the vulnerability disclosure economy was starting to take shape, I was one of a small handful of security practitioners who was trying hard to apply the brakes against what we saw as a dangerous trend.
[ Read more ]