Full Disclosure Vulnerability Warning Service Closes

The administrators of the Full Disclosure vulnerability mailing list have decided to close the service, thanks to the actions of an unnamed researcher.

John Cartwright, who set up the service in July 2002 on the back of calls for a free and open forum for security vulnerability disclosure, said he could not continue to fight with a researcher who had asked for a large tranche of the site to be deleted.

It appeared the unnamed researcher had issued a legal complaint about certain posts on the Seclists.org site where the Full Disclosure list could be found.

Full Disclosure closed indefinitely

“I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to,” Cartwright said.

“I never imagined that request might come from a researcher within the ‘community’ itself (and I use that word loosely in modern times).  But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I’m done.

“Taking a virtual hatchet to the list archives on the whim of an individual just doesn’t feel right.  That ‘one of our own’ would undermine the efforts of the last 12 years is really the straw that broke the camel’s back.”

He then went on the offensive about the security community in general, saying there was “no honour amongst hackers”, “no real community” and “precious little skill”. “The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.”

Reactions have been mixed. Some said it was a tragedy for the security world. “This is a real step backwards for the security community,” said Russ Spitler, vice president of product strategy for AlienVault, which is an advertiser on the site. “While the loss of a news source like full disclosure will be replaced, the reason for the shutdown is the real loss for the community. For years security by obscurity was the prevalent approach even among large ISVs – pressure from forums such as full disclosure helped change that approach.”

Others noted the declining popularity of Full Disclosure, as the entire vulnerability market has now changed. The rise of bug bounties and exploit sales has led researchers to share their findings with people who will pay them.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
