Software Bugs: To Disclose or Not to Disclose
October 3, 2005
Kenneth van Wyk
It’s the age-old battle of security: to disclose or not to disclose software defects.
The proverbial pendulum of opinion has been swinging back and forth on this issue for decades, and it’s not likely to stop any time soon. The issue reappeared just recently when an ISS employee was prohibited from speaking at a conference on the topic of a security vulnerability in Cisco’s IOS operating system.
Here’s my take on it…
Kenneth van Wyk, a 19-year veteran of IT security, is the principal consultant for KRvW Associates, LLC. The co-author of two security-related books, he has worked at CERT, as well as at the U.S. Department of Defense.