Full disclosure in computer security still exists and is complementary to other disclosure models. The evolution of vulnerability disclosure is not linear from full disclosure to responsible disclosure to coordinated disclosure. These models coexist and all need to be taken into account.

You can’t just say “the legal framework will solve it” or “just do coordinated disclosure.” Vendors, researchers, and users are not all rational actors playing the same game.

Vulnerability disclosure is more complex than that, and if you actually want to address the issue, you can’t just say “it doesn’t exist.”

#cve #gcve #vulnerabilitymanagement #cybersecurity #fulldisclosure #vulnerability

Full disclosure in computer security still exists and is complementary to other disclosure models. The evolution of vulnerability disclosure is not linear from full disclosure to responsible disclosure to coordinated disclosure. These models coexist and all need to be taken into account.

You can’t just say “the legal framework will solve it” or “just do coordinated disclosure.” Vendors, researchers, and users are not all rational actors playing the same game.

Vulnerability disclosure is more complex than that, and if you actually want to address the issue, you can’t just say “it doesn’t exist.”

#cve #gcve #vulnerabilitymanagement #cybersecurity #fulldisclosure #vulnerability