The Partial Disclosure Dilemma presented at SOURCE Boston 2009

by Dino Dai Zovi (Trail of Bits), Alexander Sotirov, Iván Arce, Dan Kaminsky, Katie Moussouris, Ryan Naraine

Tags: Security

Summary: The never-ending debate about vulnerability disclosure has taken a new twist. In addition to "responsible disclosure" and "full disclosure," researchers are beginning to partially disclose security flaws, arguing that a phased approach to releasing information is important to ensure minimal exposure to attacks. Are they just playing the media? Overblowing minor issues? Is there common ground to be found to avoid overhyping vulnerabilities while keeping end-users secure?