Essays Tagged "CSO Online"


Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good Idea'

  • Bruce Schneier
  • CSO Online
  • January 2007

Full disclosure — the practice of making the details of security vulnerabilities public — is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure.

Unfortunately, secrecy sounds like a good idea. Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of the hackers (see "The Vulnerability Disclosure Game: Are We More Secure?"). The problem, according to this position, is less the vulnerability itself and more the information about the vulnerability…
