"Businesses must realize that full disclosure is dead" is a contributed article I wrote for SC Magazine. This is nothing like my usual webappsec banter, nor is it the stereotypical FD talking points everyone has heard and debated a million times before. Instead, I tried to articulate my current views on the subject of vulnerability disclosure, which are probably very different from most people's, and where I believe the industry is heading.
“Full Disclosure is dead. Let me explain why. The information security world has changed, even if some don't see it or are unwilling to accept it. Vulnerability disclosure discussions based upon ethics are morally antiquated and naïve at best considering today's cyber-security climate...”
One thing I forgot to mention is that many software vendors will try to capitalize on the fact that fewer vulnerabilities will get reported and say it's the result of "more secure software".