here is what "responsible disclosure" means: according to: http://www.theregister.co.uk/2005/07/29/cisco_settles_rogue_researcher_dispute/
"Cisco's actions (regarding) Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices and procedures for responsible disclosure," the term "responsible disclosure" is a corporate instrument for trying to shut people up. i doubt the "responsible" argument will stand in a non-us court. also challenge the fact that this is "established industry practice". the net result of the cisco gate is the info is out there and cisco is resetting luser's password. check the flames about the responsibility rfc, which got ditched by the IETF. note: i don't promote neither disclosure, nor non-disclosure - everyone choses for themselves. -- where do you want bill gates to go today? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
