Blog Posts Tagged with "Full Disclosure"


Bug Bounty Programs - As a Service?

January 02, 2013 Added by:Rafal Los

Now, admittedly you already probably know I'm not a huge proponent of "bug bounty" programs, as I see the abuses and failure potential outweigh the redemption value in the cases I've seen outside of the few 'big names'... but this caught my attention because they may actually be onto something.

Comments  (0)


Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by:Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)


Disclosures: How Much Sharing is Too Much?

February 15, 2012 Added by:Jack Daniel

What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...

Comments  (0)


KPN Hack: Why was Customer Notification Delayed?

February 13, 2012 Added by:Pierluigi Paganini

The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...

Comments  (0)


Mandatory Disclosure: A Hazard for Infosec?

July 30, 2010 Added by:Niels Groeneveld

Management teams prefer to reduce risk and cost. The legislation forces companies to disclose breaches, but does not force companies to find them. Given these circumstances, a possible option to reduce risk is to decrease the chance that security breaches will be found...

Comments  (3)


Full Disclosure is irresponsible

July 01, 2010 Added by:Andy Willingham

I’ve always said that Full Disclosure is irresponsible and usually hurts more people than it helps and I still believe that is the case. The full disclosure crowd says that it is the only way to get the vendors to respond and release a patch and from time to time they are right but by and far today that is NOT the case.

Comments  (10)