Blog Posts Tagged with "Full Disclosure"

Bug Bounty Programs - As a Service?

January 02, 2013 Added by: Rafal Los

Now, admittedly you already probably know I'm not a huge proponent of "bug bounty" programs, as I see the abuses and failure potential outweigh the redemption value in the cases I've seen outside of the few 'big names'... but this caught my attention because they may actually be onto something.

Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by: Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Disclosures: How Much Sharing is Too Much?

February 15, 2012 Added by: Jack Daniel

What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve known about for years? If you are ignoring all of the well-known risks, it is a waste of time...

KPN Hack: Why was Customer Notification Delayed?

February 13, 2012 Added by: Pierluigi Paganini

The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...

Mandatory Disclosure: A Hazard for Infosec?

July 30, 2010 Added by: Niels Groeneveld

Management teams prefer to reduce risk and cost. The legislation forces companies to disclose breaches, but does not force companies to find them. Given these circumstances, a possible option to reduce risk is to decrease the chance that security breaches will be found...

Full Disclosure is irresponsible

July 01, 2010 Added by: Andy Willingham

I’ve always said that Full Disclosure is irresponsible and usually hurts more people than it helps, and I still believe that is the case. The full disclosure crowd says that it is the only way to get the vendors to respond and release a patch, and from time to time they are right, but by and far today that is NOT the case.