New Vulnerability Disclosure Policy

Effective today March 20, 2002, SECURE TARGET will be following a new policy in regards to the disclosure of vulnerability information:

All vulnerabilities discovered by SECURE TARGET or any member of the entity including myself shall will be kept private during discovery and even after initial submission to vendors, unless otherwise explicitly considered harmless with no serious threat or active exploitation.

This policy makes the primary policy “Full disclosure of vulnerability information” ineffective immediately and SECURE TARGET will no longer support disclosure of vulnerabilities as a proactive countermeasure to malicious hacking. We no longer believe in full-disclosure of vulnerabilities as a way of defending against malicious hackers, or strengthening security community. Disclosure of computer security vulnerabilities never made us stronger against hacker community. They maliciously use information to attack networks and users promptly, but the security community never uses this information fast enough to actively mitigate the root causes, so the logic simply does not work.

All the articles publishing from today shall follow the new principle.

Published by Kaveh Mofidi

He starts and finishes a day for only one reason which he is so passionate about: find simple solutions for huge and complicated issues! He believes information security and computers are so fun to deal with, but the real deal is to find solution for unlimited clean energy, drinkable water, hunger, war, injustice... those are our real problems on the Earth!

Leave a comment

Your email address will not be published. Required fields are marked *