Fed plea: Stop security leaks
federal officials said they would use the government's massive purchasing power to force developers to improve the security of their products.
While acknowledging that software makers continue to release buggy products, Richard Schaeffer, deputy director of the National Security Agency, stressed that publicizing a vulnerability without warning and before a patch has been created could potentially threaten U.S. computing systems.
"Responsible disclosure means not letting out information that could do harm to critical systems falling into the wrong hands," he said.
[ Read more ]
- News: Government against full disclosure of vulnerabilities (2 August 2002)
- News: Show us the bugs - users want full disclosure (9 July 2002)
- News: Irresponsible Disclosure (28 June 2002)
- Article: Full Disclosure of Vulnerabilities - pros/cons and fake arguments (8 April 2002)