Full Disclosure Vulnerability Warning Service Closes

The administrators of the Full Disclosure vulnerability mailing list have decided to close the service, thanks to the actions of an unnamed researcher.

John Cartwright, who set up the service in July 2002 on the back of calls for a free and open forum for security vulnerability disclosure, said he could not continue to fight with a researcher who had asked for a large tranche of the site to be deleted.

It appeared the unnamed researcher had issued a legal complaint about certain posts on the Seclists.org site where the Full Disclosure list could be found.

“I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to,” Cartwright said.

“I never imagined that request might come from a researcher within the ‘community’ itself (and I use that word loosely in modern times).  But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I’m done.

“Taking a virtual hatchet to the list archives on the whim of an individual just doesn’t feel right.  That ‘one of our own’ would undermine the efforts of the last 12 years is really the straw that broke the camel’s back.”

He then went on the offensive about the security community in general, saying there was “no honour amongst hackers”, “no real community” and “precious little skill”. “The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.”

Reactions have been mixed. Some said it was a tragedy for the security world. “This is a real step backwards for the security community,” said Russ Spitler, vice president of product strategy for AlienVault, which is an advertiser on the site. “While the loss of a news source like full disclosure will be replaced, the reason for the shutdown is the real loss for the community. For years security by obscurity was the prevalent approach even among large ISVs – pressure from forums such as full disclosure helped change that approach.”

Others noted the declining popularity of Full Disclosure, as the entire vulnerability market has now changed. The rise of bug bounties and exploit sales has led researchers to share their findings with people who will pay them.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
