Comments on: Full Disclosure? http://www.gnucitizen.org/blog/full-disclosure/ Information Security Think Tank Mon, 08 Sep 2008 05:13:09 +0000 http://wordpress.org/?v=2.6.1 By: david.kierznowski http://www.gnucitizen.org/blog/full-disclosure/#comment-38884 david.kierznowski Sat, 04 Aug 2007 13:33:32 +0000 http://www.gnucitizen.org/blog/full-disclosure#comment-38884 Nokia, what you saying is why Full Disclosure came about in the first place really. Researchers got tired of companies pushing their findings aside. In a large way, FD has really helped push the information security industry forward. Nokia, what you saying is why Full Disclosure came about in the first place really. Researchers got tired of companies pushing their findings aside. In a large way, FD has really helped push the information security industry forward.

]]> By: Nokia http://www.gnucitizen.org/blog/full-disclosure/#comment-38735 Nokia Fri, 03 Aug 2007 18:04:09 +0000 http://www.gnucitizen.org/blog/full-disclosure#comment-38735 Do you alter your thoughts on this dependant on the company/organisation/domain in question? I recently strongly hinted to a well known organisation about a flaw they had with one of their pages; I didn't receive so much as a thank you in reply - however the flaw was patched in less that 3 hours, which was quite impressive. The company employs people for this very reason and probably pays them a pretty decent wage....I now take the stance [for this company] that if the folks they are paying can not secure their own set-up and if they are no going to at least appear grateful when someone tells them for fee, then I won't inform them about anything I may discover on their domain in the future - I won't inform anyone else but I certainly won't inform them. Do you alter your thoughts on this dependant on the company/organisation/domain in question?

I recently strongly hinted to a well known organisation about a flaw they had with one of their pages; I didn’t receive so much as a thank you in reply - however the flaw was patched in less that 3 hours, which was quite impressive.

The company employs people for this very reason and probably pays them a pretty decent wage….I now take the stance [for this company] that if the folks they are paying can not secure their own set-up and if they are no going to at least appear grateful when someone tells them for fee, then I won’t inform them about anything I may discover on their domain in the future - I won’t inform anyone else but I certainly won’t inform them.

]]>