Factbites
 Where results make sense

Topic: Full Disclosure



  
  Full disclosure - Wikipedia, the free encyclopedia
Full disclosure requires that full details of a security vulnerability are disclosed to the public, including details of the vulnerability and how to detect and exploit it.
Limited disclosure, with full details going to a restricted community of developers and vendors, and only the existence of the problem being released to the public, is another possible approach.
The issue of full disclosure was first raised in the context of locksmithing, in a 19th century controversy regarding whether weaknesses in lock systems should be kept secret in the locksmithing community, or revealed to the public.
en.wikipedia.org /wiki/Full_disclosure   (939 words)

  
 Townhall.com :: Columns :: Full disclosure by Michael Kelly   (Site not responding. Last check: 2007-08-19)
A typical Full Disclosure usage reads something like this: ``Jones may be the most incompetent--and is certainly the least impressive--judicial appointment put before a Senate since Caligula trotted out his horse.
(Full Disclosure: Jones offered a somewhat negative review of my most recent collection of essays, characterizing my work as `the driveling drool of a diseased and degenerate mind'.)'' Or, conversely, ``Jones is an extraordinarily able nominee--a man of great probity, learning and humanity.
(Full Disclosure: Jones, my college roommate, is married to my beloved younger sister, and he and I have played tennis together almost every Saturday morning for 17 years.)'' As full disclosures go, these are no Monties.
www.townhall.com /columnists/michaelkelly/mk20020807.shtml   (716 words)

  
 USENIX ;login: - disclosure
Full disclosure endeavors to give people the flexibility to take what they feel is appropriate action, rather than be hampered by insufficient information.
Full disclosure is in many ways akin to the open-source movement that's taking the computer world by storm.
Because full disclosure is such a flexible and broad approach to security issues, people are often confused about what the delivery mechanism usually is and just who is doing the disclosing.
www.usenix.org /publications/login/1999-11/features/disclosure.html   (1835 words)

  
 Full disclosure movement - Wikipedia, the free encyclopedia
Many hackers believe that posting working code taking advantage of vulnerabilities in a popular program or system will hasten the developers' release of an update or a patch to correct the issue.
In some cases, a hacker or cracker may release an easy to use trojan or virus as a proof-of-concept.
A lot of the time, the hacker will give developers some time to fix problems and issue patches before full disclosure.
en.wikipedia.org /wiki/Full_disclosure_movement   (160 words)

  
 Lead Surface Sampling: Full Disclosure Kit Instant Wipe Method for Lead
Full Disclosure wipes should be an integral part of safety training for workers in lead industries.
Full Disclosure wipes can be used to spot-check lead-contaminated work surfaces to ensure that a prescribed cleaning regimen has resulted in the desired "clean" levels.
Full Disclosure is suitable for elemental lead, lead nitrate, lead sulfate, and lead oxide.
www.skcinc.com /prod/550-001.asp   (521 words)

  
 The Disclosure Project - Home Page
Disclosure Project Director Dr. Steven Greer was a guest on the Charles Goyette radio show on Air America Phoenix, on Thursday, April 21st, at 8 am Phoenix time (11 am Eastern time) to discuss his lecture and workshop in Phoenix taking place on April 22nd and 23rd.
Disclosure Project Director Dr. Steven Greer was a guest on the Coast to Coast AM radio show with George Noory on April 4-5, 2005.
Disclosure Project Director Dr. Steven Greer was a guest on the Coast to Coast AM radio show with George Noory on Oct. 28-29, 2004.
www.disclosureproject.org   (668 words)

  
 Bug secrecy vs. full disclosure | Tech News on ZDNet
Since full disclosure has become the norm, the computer industry has transformed itself from a group of companies that ignores security and belittles vulnerabilities into one that fixes vulnerabilities as quickly as possible.
Full disclosure means that everyone gets the information at the same time, and everyone can act on it.
Full disclosure is essential if we are to continue to improve the security of our computers and networks.
news.zdnet.com /2100-9595_22-531066.html?legacy=zdnn   (2963 words)

  
 Reliable Power Meters: Full Disclosure Technology   (Site not responding. Last check: 2007-08-19)
Full Disclosure is patented technology available only in the Power Recorder.
Full Disclosure technology allows the Power recorder to measure all aspects in detail.
Full Disclosure eliminates the "dead zone" found in older, capture- by- exception monitors that require manually programmed thresholds.
www.reliablemeters.com /html/products_fulldisclosure.html   (581 words)

  
 Selective Disclosure and Insider Trading
Likewise, selective disclosure has an adverse impact on market integrity that is similar to the adverse impact from illegal insider trading: investors lose confidence in the fairness of the markets when they know that other participants may exploit "unerodable informational advantages" derived not from hard work or insights, but from their access to corporate insiders.
Under the regulation, a selective disclosure is "intentional" when the issuer or person acting on behalf of the issuer making the disclosure either knows, or is reckless in not knowing, prior to making the disclosure, that the information he or she is communicating is both material and nonpublic.
The requirement to make prompt disclosure is triggered when a senior official of the issuer learns that there has been a non-intentional disclosure of information by the issuer or a person acting on behalf of the issuer that the senior official knows, or is reckless in not knowing, is both material and non-public.
www.sec.gov /rules/final/33-7881.htm   (18034 words)

  
 LWN: The Apache vulnerability, full disclosure, and monocultures
Full disclosure of security vulnerabilities is (usually) seen as a good thing in the free software community.
The other side of full disclosure, however, is that, when done too soon, it can leave millions of users open to a vulnerability while no fix is available.
Full disclosure is a powerful tool which should be used with care.
lwn.net /Articles/2756   (1397 words)

  
 Full Disclosure is a necessary evil
Lately there has been renewed debate over the practice of releasing detailed information on newly-discovered software vulnerabilities, with critics charging that 'full disclosure', as it is normally called, enables malicious users to break into systems, or to create viruses and worms.
At the very least this demonstrates that full disclosure is not a prerequisite for black hats to develop their own exploits.
One proposed alternative to full disclosure that's been bandied about is to create a closed group of product vendors, security companies, and security experts through which full details of the vulnerabilities can be reported and shared, while the public only gets to learn of the vulnerability's existence.
online.securityfocus.com /news/238   (692 words)

  
 Responsible Disclosure by Corporate Fiat
It should accept the ultimate necessity of full disclosure, while accounting for the responsibilities of all parties and the limitations of the process.
But full disclosure is more than a technical fact: it is also a practical necessity.
Full disclosure originated as a response to vendor stonewalling: in the presence of a publicly available exploit, developers could not plausibly claim that no problems existed.
online.securityfocus.com /columnists/120   (1359 words)

  
 Full Disclosure Network™- Hosted by Leslie Dutton
Visitors to the Full Disclosure™ video blog are invited to participate in an Interactive survey on the topics and to leave comments for discussion on the blog.
FULL DISCLOSURE NETWORK™ is billed as “the news behind the news”, the new Video Blog Special promises to live up to that reputation as it consists of six Hot Issue video blogs on topics largely ignored by the mainstream news media.
The Full Disclosure Network™ has been producing a series of video blogs for the Internet using video clips from television interviews and events featuring prominent leaders who are involved in the school construction, planning, development and investigations of the L. Unified School District and Belmont Learning Center.
www.fulldisclosure.net /news   (3564 words)

  
 Full Disclosure of Vulnerabilities - pros/cons and fake arguments   (Site not responding. Last check: 2007-08-19)
Full disclosure will even the odds in the battle between attackers and defenders in this case.
Full disclosure will in this case be more of benefit to the good guys than to the attacker.
There is a time for full disclosure, and a time for covering things up, it all depends on which serves you best.
www.ntsecurity.nu /papers/disclosure   (1674 words)

  
 [No title]
With anything less than full disclosure of the problem, administrators may react incorrectly or be unable to convince users and management that the problem is serious.
Next, full tests must be run on previous versions of the software with the new patches to assure the new changes don't affect other aspects of the software.
Their first advisory was released January 21, 1999 putting them into their first year of full disclosure.
www.attrition.org /~jericho/works/security/full_disclosure.html   (3162 words)

  
 Full Disclosure as supplied by EagleTraders.com
Full or adequate disclosure is an accounting concept which requires that information provided in financial accounting reports be sufficiently complete to avoid misleading users of the reports by omitting significant facts or information.
Full disclosure is required for the fair presentation of financial statements.
Many disclosures are made in the body of the financial statements and in notes (footnotes), schedules, and supplementary statements.
www.eagletraders.com /advice/securities/full_disclosure.htm   (227 words)

  
 Full disclosure   (Site not responding. Last check: 2007-08-19)
Although certain issues are clear-cut, such as the mandatory disclosure of a site with known contamination, other environmental disclosure issues have yet to be outlined in the law.
And while some states have dealt with the issue, most lawyers would agree that such disclosures will be debated in the courts on a case-by-case basis rather than codified in the near future.
Because exact disclosure standards have not been set with certain environmental issues, personal attitude toward the risk level posed by environmental contamination can play a major role in whether or not the information is considered to be a material fact and therefore disclosed.
db.inman.com /inman/inf/inman/archive.cfm?ID=970305e   (847 words)

  
 [saag] Responsible Vulnerability Disclosure Process
Enclosed please find our submission for an Internet-Draft, titled "Responsible Vulnerability Disclosure Process." As stated in an earlier message to Jeff Schiller, we appreciate being notified by the Security Area Advisory Group when it was clear that we were going astray of the openness that is the lifeblood of the IETF standards process.
Note: in some cases, the reporter may be able to coerce the product into a state that is known to be exploitable, without creating a fully working exploit program (e.g., a buffer overflow with a long string of 'A' characters may produce a result that shows that the instruction pointer has been overwritten).
This may cause the parties to bypass other phases of the disclosure process, or adopt a policy that avoids vendor notification because of previous bad experiences with vendors.
jis.mit.edu /pipermail/saag/2001q4/000358.html   (6411 words)

  
 UN nuclear agency wants "full disclosure" from Iran
The head of the UN nuclear watchdog urged Iran on Tuesday to provide "full disclosure" of its nuclear program as inspectors prepared to travel to Tehran for a mission that he described as decisive.
ElBaradei said the IAEA was now waiting for "full disclosure by Iran" to address claims that Tehran is seeking to develop nuclear weapons.
He said that if Iran complied with full disclosure about its nuclear program the IAEA was prepared to spend an "undetermined" amount of further time waiting for test results to come in and otherwise reviewing the Iranian information.
www.spacewar.com /2003/030930124616.viroawro.html   (568 words)

  
 Frank Hecker, Mozilla : Full disclosure: for and against
In the course of our discussing the proposed Mozilla CA certificate policy, Ian Grigg happened to ask about the existing Mozilla policy on handling security bugs and how we tried to forge a compromise between people advocating full disclosure of security bugs and people who were opposed to that.
The discussion in the previous paragraph leads directly to two different arguments for full disclosure of security bugs, arguments that in my opinion are reasonable and deserve to be addressed.
The second argument for full disclosure goes as follows: There are system administrators and other people who are responsible for a user community that would be using Firefox, Thunderbird, and related software and who have the means, the knowledge, and the motivation to help fix Mozilla-related security problems.
www.hecker.org /mozilla/full-disclosure   (2073 words)

  
 Show us the bugs – users want full disclosure | The Register
End-users overwhelmingly support the full disclosure of security vulnerabilities, according to a recent survey by analysts Hurwitz Group, which demonstrates widespread frustration about vendor responsiveness to security issues.
In fact, end users overwhelmingly support full disclosure even if it means exposing security flaws within their organisation that could have a negative impact on their company," it writes.
A full 39 per cent of respondents said that vulnerabilities should be disclosed upon discovery, with another 28 per cent wanting disclosure within one week.
www.theregister.co.uk /2002/07/08/show_us_the_bugs_users   (497 words)

  
 The Dangers Of Full Disclosure - Forbes.com   (Site not responding. Last check: 2007-08-19)
Full disclosure is often thought to be a solution.
Second, because most people are inclined to trust their advisers (after all, they picked them because they are trustworthy) when they have been informed about conflicts, they feel sure that their advisers can overcome them.
And assuming that disclosure wipes the problem away is a serious mistake.
www.forbes.com /home/services/2005/06/08/legal-disclosure-bias-cx_da_0608topnews.html   (1008 words)

  
 RFPolicy v2.0
Traditionally, alerting the community of a problem (but not providing full exploit details) has proven to be futile; other researchers are then just as likely to discover the problem as well--and they may not bide by the guidelines set by this policy.
A lot of research is done on evaluation and trial versions of software--providing a single, full license/copy should produce little impact on the vendor, but greatly help the researcher.
In addition, should the ORIGINATOR and MAINTAINER arrive at a unified resolution and disclosure, it may be of interest to contact the CVE officials (http://cve.mitre.org) to assign a CVE identifier to the vulnerability.
www.wiretrip.net /rfp/policy.html   (2040 words)

  
 Government Against Full Disclosure of Vulnerabilities
The government is urging "white hat" hackers to search for security flaws in software, but also wants them to only pass information about those flaws on to software vendors and the government, not to the rest of the security community as is common practice today.
"Full disclosure was born out of an effort to release the details of security fixes so that members of the public could repair problems on their own without waiting for vendors to respond.
Smith advocates "limited disclosure," in which information about flaws would be distributed, but not exploits which show how to take advantage of those flaws.
www.internetnews.com /dev-news/article.php/1437841   (906 words)

  
 Wired News: How Much Hack Info Is Too Much?
Researchers counter that without full disclosure, companies often fail to swiftly patch security holes.
Full disclosure, in theory, also alerts computer users to problems that are already known to malicious hackers, who often exploit holes before patches become available.
"Even if you are in favor of full disclosure, that post falls far outside of the accepted parameters for a public forum," said security expert Richard Smith.
www.wired.com /news/infostructure/0,1377,56463,00.html   (902 words)

  
 Secure Business Quarterly   (Site not responding. Last check: 2007-08-19)
The guiding principle should be to create methods of disclosing the appropriate vulnerability information, to the appropriate people, at the appropriate times, and through the appropriate channels.
We are all charged with protecting the critical infrastructure; if we fail to act accordingly, we become part of the problem rather than part of the solution.
On the other extreme are those who believe that full public disclosure, complete with an exploitation program, is an appropriate response.
www.sbq.com /sbq/vuln_disclosure   (223 words)

  
 RelsJun1402.html
We are writing to request immediate and full disclosure of whether any lobbyists have been or are in any way involved in any fundraising activities for you.
Under current disclosure rules, donations to political parties do not have to be made public until six months after the end of any year, MPs and riding associations do not have to disclose donations received outside of election campaign periods, and donations to trust funds and leadership campaign funds never have to be disclosed.
On April 13, 2000, we wrote you requesting immediate and full disclosure of whether any lobbyists have been or are in any way involved in any fundraising activities for you.
www.dwatch.ca /camp/RelsJun1402.html   (2257 words)

  
 The disclosure debate rages   (Site not responding. Last check: 2007-08-19)
For decades, companies from the largest enterprise environment to the tiny brick-and-mortar down the street have debated the merits of full disclosure and who should know about vulnerabilities first.
Full disclosure is complicated and the lack of a standard reporting protocol doesn't help matters, according to Giga Senior Industry Analyst Michael Rasmussen.
Full disclosure opponents say that a free exchange of vulnerability details only serves to arm the crackers, while proponents, like searchSecurity member David J. Bianco, say that sharing security information with other professionals is an "absolute necessity," especially when it comes to knowing if a vendor patch solves the problem.
searchsecurity.techtarget.com /originalContent/0,289142,sid14_gci785476,00.html   (927 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.