
January 09, 2006

Openness + the Disclosure Debate

While we're on the subject of database security, I'll also point out that the Voyager Worm vulnerability was released under Full Disclosure, which, rather than passing the code through vendor support channels and hoping it gets fixed quickly, presents the code to the world in the hope of pressuring the software company to fix the problem quickly. The opposite of such an open tactic is what security professionals call security through obscurity. From the vendor's perspective, released code will find its way into the hands of malicious hackers. From the security professional's perspective, such code would reach malicious folks anyway, and without full disclosure the vendor has much less incentive to fix the problem.


Another interesting side of the question though is that disclosure of a serious security flaw can provide powerful advertising for a security firm. Brian Martin at The Age discusses this debate in further detail.

Posted by admin at January 9, 2006 04:38 AM
