And So it Begins. – August = Month of Full Disclosure
Month of Full Disclosure
As the main title of this post states, August 2010 will be a full disclosure month.
Normally within a month I may talk to around 20 or so organisations advising them of general bugs and security issues within their products or websites. The number varies as I do this as a hobby and not a full time job.
My main job is as a Systems Test Manager.
So I decided to see what happens if I take a month out from doing things the normal way of disclosing all issues to the site or software house first and only when fixes place advising the users. So for August only I’ll be advising the public at the same time as advising the site / or software house involved.
All issues discovered before the month of August and any that are currently being discussed with sites or software houses are not included and will remain closed for public consumption until the issue is fixed and even then only if the company involves gives permission.
I doubt if any humdingers will come out but you never know
If any issues are found which could affect a very high number of users data at risk then I will revert to responsible disclosure, and give the vendor time to fix the issue.
Martin Hall
