Frank Hecker wrote:
(Historical note: We went through an analogous exercise trying to
decide what sort of policy we should have with regard to disclosing
security vulnerabilities. I and others were sympathetic to the "full
disclosure" position, but we couldn't simply dictate such a policy,
because there were key Mozilla developers and corporate sponsors who
were viscerally opposed to full disclosure. Instead we had to engage
in a long drawn-out effort to reach a compromise -- which eventually
we did.)
Side question: the economics of disclosure is a current
research area for myself and Adam Shostack ... are there
any summaries of the positions of the opposing camps
on that debate? I've read the security page you posted
the other day, and it certainly hints at the compromise
you suggest.
iang
http://www.emergentchaos.com/archives/000855.html
http://www.financialcryptography.com/mt/archives/000319.html
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto