Share vulnerabilities or not?
First the University of Calgary announced plans to offer a class in writing computer viruses and other destructive programs. Then Wired magazine published the code of a viruslike program that caused mass havoc on the Internet this year.
Both developments infuriated virus-fighting companies and illustrated the high-stakes dilemma of computer security: Do you keep vulnerabilities secret or spread the knowledge so problems can be remedied faster?
The anti-virus industry is squarely in the first camp.
Dave Perry, director of education at Trend Micro, considers the article in this week's Wired detailing the Slammer worm a cheap grab for attention with no educational or ethical justification. He likened it to pornography, saying its publication could loosen the standards of acceptable behavior in the computer world.
[ Read more ]