Re: disclosure policy In my 20 or so years in security, disclosure policy has been my single biggest influence on vendor security efforts. IMHO The disclosure debate is about how much influence external parties should have on a vendor's efforts and not whether it is effective.
That's nonsense, how can the market react to information that you're arguing they shouldn't know? I'm saying make it public and let the market decide. You're saying don't let the market know, just trust us to do the right thing.
-
-
At what point have I ever advocated to not make information public? If anything I am for more information, not less (in fact I'm looking at all the incentives, not narrowing my scope to security bugs)
-
Then what is it you want? More information available to users, but delayed until it is no longer useful?
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
