This question was recently debated by a panel at SOURCE Boston. Has the security researcher community given up all hope of full disclosure that it has resigned itself to debating partial disclosure? And is partial disclosure the new responsible disclosure? Those are heady and polarizing questions; so much so that two hours of spirited sparring Thursday during a panel discussion at SOURCE Boston brought us no closer to answers. Personally I think partial disclosure is perfectly fine; it's much more effective to control a fire if there are already extinguishers on the premise. As long as Vendors can be trusted it is in everybody's best interest to give them advanced notification, so they can have patches ready on disclosure day. However, most of this discussion is just academic.

The link for this article located at SearchSecurity.com is no longer available.