October 3, 2001
Full disclosure: how much security info is too much
Author: JT Smith
Kelly McNeill writes "The debate over how much detail to release on software security gaps and when to go public with potentially sensitive security information has experts looking for a middle ground, wherein systems can be secured without helping hackers. The Code Red and Code Red II virus outbreaks, which capitalized on vulnerabilities that were publicized before the viruses spread, brought the debate front and center, but the issue presents a constant challenge to those who hunt for vulnerabilities."