The thing I find most fascinating about the endless CVD (Coordinated Disclosure) vs Full Disclosure debate is that both sides are essentially right. Their arguments are sound, data and precedent on their side. The main difference is which outcome you're trying to optimize for.
If you're optimizing for "Treat everyone equally and consistently, and let every end user stand or fall on their own technical knowledge" then Full Disclosure is king. If you're optimizing for "Harm reduction" overall, then CVD is king. Everything else is preference.
Replying to @0xMatt
Nobody argues "every man for himself" lol! We argue for autonomy and empowering users. You're not a doctor, but I assume you want autonomy in choosing your treatment options, right? Why let your vendor choose what's best, and why trust them to have your best interests at heart?
Replying to @taviso
At the moment, I'm "Sheltering in place" at the request of doctors as a harm reduction strategy for the broader population, even though what's best for me might be just wearing a mask and gloves and getting on with life. So, I think autonomy has its practical limits.
I think you may also be overestimating the benefits of informed autonomy in a lot of cases where "informed" assumes technical skill or knowledge that people just don't have.
Replying to @0xMatt
If I understand correctly, you're saying you don't need to be informed why we're sheltering in place, you just trust that it's in your best interests?
Replying to @taviso
No, but on that point, if we knew the exact odds of being infected in any random encounter and each individual were in charge of making risk calculations and just going about their business, would we all be better off?
Replying to @0xMatt
Then I don't follow your argument. My point is that it's a doctor's job to explain the treatment options to you, not to just do whatever they think is best. Is that a good thing, or a bad thing?
Replying to @taviso
I'm saying that your analogy is trying to frame CVD as a discussion between a doctor and a patient, when the closer analogy is between an Epidemiologist and a large, vulnerable population.
It just happens that we have a real life example of epidemiologists and a large, vulnerable population to point to right now - and what people are doing is mostly accepting "There's a big risk here, wash your hands and stay inside" as the totality of what they need to know.
2 replies 0 retweets 0 likes
This is nonsense, all of the information, statistics, models, even the genetic sequence is all available to the public. What is happening now is full disclosure mode. The CVD model would be "don't say a word until a vaccine is ready, a few people may die".
Replying to @taviso
Not exactly that, but that's because all analogies are ultimately flawed. Covid-19 will spread regardless of who knows about it. Many software vulnerabilities won't.
Replying to @0xMatt
Cool, so if nobody knows about the vulnerability, then why fix it? If someone reported it, then clearly people are capable of finding it and exploiting it.