This discussion is perfectly analogous to the debate on full disclosure
of vulnerabilities of any kind. Do you have any new arguments to
present one way or the other?

Cheers,
Dan

H C wrote:
[snip]
> My concern is that the Incidents list, in particular,
> is a public forum, and viewable by everyone. No
> background investigations are conducted, and no NDAs
> are signed. Such a forum makes for an excellent place
> for malicious individuals to troll for potential
> targets. After all, what are the keys that most folks
> hope for when they attack a target? Unpatched
> systems, clueless admins (no offense,
> Matt...really)...basically, easy targets. Maximum
> effect with the least effort and risk.
[snip]

---------------------------
Dan Ellis
MITRE Infosec Eng/Scientist
work (703) 883-5807
fax (703) 883-1397

• application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]