Disclosure or secrecy?
From: Joe Klemmer
Date: Fri, 24 Sep 2004 13:20:48 -0400

Disclosure or secrecy?

The free software community operates under the assumption that security problems are best addressed through full disclosure. Keeping vulnerabilities secret is seen as a recipe for slower development and deployment of fixes and the recurrence of the same mistakes in new contexts. Many other groups, such as military organizations, take a different approach: secrecy is a key part of how they maintain security. The two approaches would appear to be contradictory; which is the right one? Peter Swire has just published a paper which attempts to answer this problem.

http://lwn.net/Articles/101270/