New Vulnerability Disclosure Policy

Effective today March 20, 2002, SECURE TARGET will be following a new policy in regards to the disclosure of vulnerability information:

All vulnerabilities discovered by SECURE TARGET or any member of the entity including myself shall will be kept private during discovery and even after initial submission to vendors, unless otherwise explicitly considered harmless with no serious threat or active exploitation.

This policy makes the primary policy “Full disclosure of vulnerability information” ineffective immediately and SECURE TARGET will no longer support disclosure of vulnerabilities as a proactive countermeasure to malicious hacking. We no longer believe in full-disclosure of vulnerabilities as a way of defending against malicious hackers, or strengthening security community. Disclosure of computer security vulnerabilities never made us stronger against hacker community. They maliciously use information to attack networks and users promptly, but the security community never uses this information fast enough to actively mitigate the root causes, so the logic simply does not work.

All the articles publishing from today shall follow the new principle.

By Kaveh Mofidi

I find simple solutions for huge and complicated problems. I believe information security and computers in general are fun to deal with, but our problems are way bigger than securing information. The real deal is to find solution for unlimited clean energy, drinkable water, mitigate root cause of hunger, war, and injustice...We need to keep our planet livable, that is our real problem on the Earth! Contact me with any question or comment:

Leave a comment