Re: disclosure policy In my 20 or so years in security, disclosure policy has been my single biggest influence on vendor security efforts. IMHO The disclosure debate is about how much influence external parties should have on a vendor's efforts and not whether it is effective.
-
-
I'm not against disclosure, if that is the question. Actually, it helps devs to make a case for investments. I dislike when the big picture of all the moving parts gets lost in favour of "it's just two lines of code, how hard is that, vendor must be evil or incompetent"
-
We are shaped by our own experience. You deal a lot with external vendors, I prefer to focus on doing the right thing from the inside (engineering). I think we outline the good and bad of both.
- 13 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
