New Vulnerability Disclosure Policy

Effective today March 20, 2002, SECURE TARGET will be following a new policy in regards to the disclosure of vulnerability information:

All vulnerabilities discovered by SECURE TARGET or any member of the entity including myself shall will be kept private during discovery and even after initial submission to vendors, unless otherwise explicitly considered harmless with no serious threat or active exploitation.

This policy makes the primary policy “Full disclosure of vulnerability information” ineffective immediately and SECURE TARGET will no longer support disclosure of vulnerabilities as a proactive countermeasure to malicious hacking. We no longer believe in full-disclosure of vulnerabilities as a way of defending against malicious hackers, or strengthening security community. Disclosure of computer security vulnerabilities never made us stronger against hacker community. They maliciously use information to attack networks and users promptly, but the security community never uses this information fast enough to actively mitigate the root causes, so the logic simply does not work.

All the articles publishing from today shall follow the new principle.