[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] "responsible disclosure" explanation

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] "responsible disclosure" explanation
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Fri, 5 Aug 2005 15:50:23 +0300

here is what "responsible disclosure" means:

according to:
http://www.theregister.co.uk/2005/07/29/cisco_settles_rogue_researcher_dispute/

"Cisco's actions (regarding) Mr. Lynn and Black Hat were not based on the fact 
that a flaw was identified, rather that they chose to address the issue outside 
of established industry practices and procedures for responsible disclosure,"

the term "responsible disclosure" is a corporate instrument for trying to 
shut people up.

i doubt the "responsible" argument will stand in a non-us court.
also challenge the fact that this is "established industry practice".

the net result of the cisco gate is the info is out there and cisco is 
resetting luser's password.

check the flames about the responsibility rfc, which got ditched by the
IETF.

note: i don't promote neither disclosure, nor non-disclosure - everyone 
choses for themselves.

-- 
where do you want bill gates to go today?












_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] "responsible disclosure" explanation
  - From: Florian Weimer

Prev by Date: Re: [Full-disclosure] Fernando Gont remote command execution and big mouth vulnerability
Next by Date: Re: [Full-disclosure] <Cisco Message> Mike Lynn's controvers
Previous by thread: [Full-disclosure] [ GLSA 200508-04 ] Netpbm: Arbitrary code execution in pstopnm
Next by thread: Re: [Full-disclosure] "responsible disclosure" explanation
Index(es):
- Date
- Thread