Full Disclosure Vulnerability Warning Service Closes
The Full Disclosure site seeks closure after an apparently exhausting legal tussle with an unnamed researcher
The administrators of the Full Disclosure vulnerability mailing list have decided to close the service, thanks to the actions of an unnamed researcher.
John Cartwright, who set up the service in July 2002 on the back of calls for a free and open forum for security vulnerability disclosure, said he could not continue to fight with a researcher who had asked for a large tranche of the site to be deleted.
It appeared the unnamed researcher had issued a legal complaint about certain posts on the Seclists.org site where the Full Disclosure list could be found.
Full Disclosure closed indefinitely
“I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to,” Cartwright said.
“I never imagined that request might come from a researcher within the ‘community’ itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I’m done.
“Taking a virtual hatchet to the list archives on the whim of an individual just doesn’t feel right. That ‘one of our own’ would undermine the efforts of the last 12 years is really the straw that broke the camel’s back.”
He then went on the offensive about the security community in general, saying there was “no honour amongst hackers”, “no real community” and “precious little skill”. “The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.”
Reactions have been mixed. Some said it was a tragedy for the security world. “This is a real step backwards for the security community,” said Russ Spitler, vice president of product strategy for AlienVault, which is an advertiser on the site. “While the loss of a news source like full disclosure will be replaced, the reason for the shutdown is the real loss for the community. For years security by obscurity was the prevalent approach even among large ISVs – pressure from forums such as full disclosure helped change that approach.”
Others noted the declining popularity of Full Disclosure, as the entire vulnerability market has now changed. The rise of bug bounties and exploit sales has led researchers to share their findings with people who will pay them.