A Must Read: Brief Testimony of Our Disclosure Experience

We have been trying to lay out our thoughts on the fundamental ethical issues in the industry for quite a long time. The truth is that it is not simple to define what righteous hacking is, or what the best way to deal with discovered vulnerabilities is. Moreover, we realize that this discussion is very subjective and means different things to different people. In the past couple of months, GNUCITIZEN has risen in prominence dramatically and has become a key topic for many media outlets. [...]


Full Disclosure?

As the GNUCITIZEN group grows, the team continues to find vulnerabilities in software products and applications, and there has been no real set policy around our members' disclosure of these vulnerabilities. I think most of us have leaned towards the full-disclosure route. Occasionally, the vulnerability has been fairly critical and we have felt that releasing it early would be irresponsible, especially if the vendor had provided us with an acceptable timescale for when a fix would be available. [...]
