Full disclosure: Difference between revisions

From Citizendium
Earlier revision by Hayford Peirce (edit summary: put Bold on the lede words as per CZ convention)
Later revision by Justin C. Klein Keane (no edit summary)

Revision as of 17:02, 21 July 2010

This article is developing and not approved.

Full disclosure is a computer security vulnerability disclosure policy. There has been much debate about full disclosure versus responsible disclosure. Disclosure policy is generally a matter of preference, as no formalized or generally accepted guidelines exist. Full disclosure is the policy of releasing computer security vulnerability details (and any associated exploit code) to the internet without first informing the vendor and allowing them to fix the issue. Such unfixed bugs are known as 0-day (pronounced "zero day" or "oh day"), since they can be used against systems that users have had no opportunity to patch. The so-called "0-day threat" refers to how well systems can respond to undisclosed or previously unknown vulnerabilities.

Full disclosure also refers to an unmoderated mailing list operated by http://grok.org.uk. The list charter (http://lists.grok.org.uk/full-disclosure-charter.html) states that "any information pertaining to vulnerabilities is acceptable, for instance announcement and discussion thereof, exploit techniques and code, related tools and papers, and other useful information." The mailing list serves as an outlet for vulnerability disclosures.

RFPolicy (http://www.wiretrip.net/rfp/policy.html) is one of the most commonly cited and influential disclosure policies. It outlines a process for communicating with vendors to work towards resolving a security vulnerability. The policy includes the implicit threat that uncooperative vendors risk full disclosure.