Show us the bugs - users want full disclosure
Based on interviews with more than 300 software security professionals, the report shows that end users overwhelmingly support full disclosure - announcing security vulnerabilities as soon as they are discovered. The end users surveyed for the report are clearly angry that vendors are releasing insecure applications, and then not responding when flaws are detected, Hurwitz reports.
"They see full disclosure in public forums and in the press as the only way to force vendors to respond to vulnerabilities caused by poorly written and insecure code. In fact, end users overwhelmingly support full disclosure even if it means exposing security flaws within their organisation that could have a negative impact on their company," it writes.
- News: Irresponsible Disclosure (28 June 2002)
- Article: An informal analysis of vendor acknowledgement of vulnerabilities (8 April 2002)
- Article: Full Disclosure of Vulnerabilities - pros/cons and fake arguments (8 April 2002)
- Article: Issues: "Save a bug, safe a life?" (1 April 2002)