>>I meant the full disclosure vrs. bug secrecy stuff
>
>Ahhh, I see. Well, I posted a message in the chatter forum, personally, I'm against full disclosure. I'm not very sure here, but I don't think that Full Disclosure and Bug Secrecy are mutually exclusive, though they seem to be presented that way. Perhaps the best solution is a hybrid.
>
>Keep in mind, I'm not a security buff. Though, I do know what its like to find bad bugs in widley distributed software. I also know what its like to loose some time fixing problems like Code Red. So I'd say I'm more partial to bug secercy.

Mike;

“Full Disclosure” can go too far. If by full disclosure the industry means publish any security problem giving full details (address code, tools, etc.), I feel this is irresponsible. On the other hand if we receive a notice that there is a problem and a description of the venerability, that should be enough for the general public and IT Professionals. This still puts pressure on the software vendor without putting sensitive material into the hands of potential hackers and copycats.

The Governor of California recently gave a serious warning about potential threats against bridges in our State. He could have kept his mouth shut and “no one would have known”. I think he did the responsible thing and notified the authorities, called up the National Guard, Coast Guard, Hiway Patrol and other agencies. He then notified the public, which some people objected to.

The Television Media in our area was at this point interviewing Phd’s from U.C. Berkeley, Lawrence Hall of Science and Lawrence Livermore Laboratories, about how the Golden Gate and San Francisco Bay Bridges could be destroyed. They took the experts to the sites and explained in detail how to destroy the bridges. TV cameras took close ups of the points where the thousands of thin cables are anchored on the San Francisco side of the Bay Bridge, at Beale Street. The National Guard was on duty at that point and the street was no longer open to the public. The area was fenced off and is now guarded 24/7. Tourists come by to have their pictures taken with Guard members.

Ignorance is bliss! Those of us who are blissful are happy souls. Those of us who are informed are frustrated all too often. Somewhere there is a happy medium, but you cannot please everyone.

Tom