CINXE.COM
Full disclosure (computer security) - Wikipedia
<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Full disclosure (computer security) - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"b8fb5378-67d5-41f1-ad2c-09149711dcab","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Full_disclosure_(computer_security)","wgTitle":"Full disclosure (computer security)","wgCurRevisionId":1255142311,"wgRevisionId":1255142311,"wgArticleId":11586,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["CS1 maint: numeric names: authors list","Articles with short description","Short description is different from Wikidata","All articles with specifically marked weasel-worded phrases","Articles with specifically marked weasel-worded phrases from June 2022","Computer security procedures"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Full_disclosure_(computer_security)", "wgRelevantArticleId":11586,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":20000,"wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q842234","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform", "platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","site","mediawiki.page.ready","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","ext.popups", "ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.quicksurveys.init","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Full disclosure (computer security) - Wikipedia"> <meta property="og:type" content="website"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Full_disclosure_(computer_security)"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Full_disclosure_computer_security rootpage-Full_disclosure_computer_security skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Full+disclosure+%28computer+security%29" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Full+disclosure+%28computer+security%29" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Full+disclosure+%28computer+security%29" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Full+disclosure+%28computer+security%29" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"><!-- CentralNotice --></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-The_vulnerability_disclosure_debate" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#The_vulnerability_disclosure_debate"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>The vulnerability disclosure debate</span> </div> </a> <button aria-controls="toc-The_vulnerability_disclosure_debate-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle The vulnerability disclosure debate subsection</span> </button> <ul id="toc-The_vulnerability_disclosure_debate-sublist" class="vector-toc-list"> <li id="toc-Coordinated_vulnerability_disclosure" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Coordinated_vulnerability_disclosure"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.1</span> <span>Coordinated vulnerability disclosure</span> </div> </a> <ul id="toc-Coordinated_vulnerability_disclosure-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Full_disclosure" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Full_disclosure"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.2</span> <span>Full disclosure</span> </div> </a> <ul id="toc-Full_disclosure-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Non_disclosure" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Non_disclosure"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.3</span> <span>Non disclosure</span> </div> </a> <ul id="toc-Non_disclosure-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Debate" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Debate"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.4</span> <span>Debate</span> </div> </a> <ul id="toc-Debate-sublist" class="vector-toc-list"> <li id="toc-Arguments_against_coordinated_disclosure" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Arguments_against_coordinated_disclosure"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.4.1</span> <span>Arguments against coordinated disclosure</span> </div> </a> <ul id="toc-Arguments_against_coordinated_disclosure-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Arguments_against_non_disclosure" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Arguments_against_non_disclosure"> <div class="vector-toc-text"> <span class="vector-toc-numb">1.4.2</span> <span>Arguments against non disclosure</span> </div> </a> <ul id="toc-Arguments_against_non_disclosure-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Full disclosure (computer security)</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 9 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-9" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">9 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Full_disclosure" title="Full disclosure – Czech" lang="cs" hreflang="cs" data-title="Full disclosure" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Full_Disclosure_(IT-Sicherheit)" title="Full Disclosure (IT-Sicherheit) – German" lang="de" hreflang="de" data-title="Full Disclosure (IT-Sicherheit)" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Revelaci%C3%B3n_completa" title="Revelación completa – Spanish" lang="es" hreflang="es" data-title="Revelación completa" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Divulgation_compl%C3%A8te" title="Divulgation complète – French" lang="fr" hreflang="fr" data-title="Divulgation complète" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target"><span>Français</span></a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Divulgazione_totale" title="Divulgazione totale – Italian" lang="it" hreflang="it" data-title="Divulgazione totale" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target"><span>Italiano</span></a></li><li class="interlanguage-link interwiki-hu mw-list-item"><a href="https://hu.wikipedia.org/wiki/Teljes_k%C3%B6zz%C3%A9t%C3%A9tel" title="Teljes közzététel – Hungarian" lang="hu" hreflang="hu" data-title="Teljes közzététel" data-language-autonym="Magyar" data-language-local-name="Hungarian" class="interlanguage-link-target"><span>Magyar</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/%E3%83%95%E3%83%AB%E3%83%87%E3%82%A3%E3%82%B9%E3%82%AF%E3%83%AD%E3%83%BC%E3%82%B8%E3%83%A3" title="フルディスクロージャ – Japanese" lang="ja" hreflang="ja" data-title="フルディスクロージャ" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Full_disclosure" title="Full disclosure – Polish" lang="pl" hreflang="pl" data-title="Full disclosure" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target"><span>Polski</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/%D0%9F%D0%BE%D0%BB%D0%BD%D0%BE%D0%B5_%D1%80%D0%B0%D1%81%D0%BA%D1%80%D1%8B%D1%82%D0%B8%D0%B5" title="Полное раскрытие – Russian" lang="ru" hreflang="ru" data-title="Полное раскрытие" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q842234#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Full_disclosure_(computer_security)" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Full_disclosure_(computer_security)" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Full_disclosure_(computer_security)"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Full_disclosure_(computer_security)"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Full_disclosure_(computer_security)" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Full_disclosure_(computer_security)" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&oldid=1255142311" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Full_disclosure_%28computer_security%29&id=1255142311&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FFull_disclosure_%28computer_security%29"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FFull_disclosure_%28computer_security%29"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Full_disclosure_%28computer_security%29&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Full_disclosure_(computer_security)&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q842234" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Policy in computer security</div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">This article is about vulnerability disclosure. For other uses, see <a href="/wiki/Full_disclosure_(disambiguation)" class="mw-redirect mw-disambig" title="Full disclosure (disambiguation)">Full disclosure (disambiguation)</a>.</div> <p>In the field of <a href="/wiki/Computer_security" title="Computer security">computer security</a>, independent researchers often discover flaws in software that can be abused to cause unintended behaviour; these flaws are called <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">vulnerabilities</a>. The process by which the analysis of these vulnerabilities is shared with third parties is the subject of much debate, and is referred to as the researcher's <i>disclosure policy</i>. <b>Full disclosure</b> is the practice of publishing analysis of software vulnerabilities as early as possible, making the data accessible to everyone without restriction. The primary purpose of widely disseminating information about vulnerabilities is so that potential victims are as knowledgeable as those who attack them.<sup id="cite_ref-exposing_1-0" class="reference"><a href="#cite_note-exposing-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> </p><p>In his 2007 essay on the topic, <a href="/wiki/Bruce_Schneier" title="Bruce Schneier">Bruce Schneier</a> stated "Full disclosure – the practice of making the details of security vulnerabilities public – is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure."<sup id="cite_ref-schneier_2-0" class="reference"><a href="#cite_note-schneier-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Leonard_Rose_(hacker)" title="Leonard Rose (hacker)">Leonard Rose</a>, co-creator of an <a href="/wiki/Electronic_mailing_list" class="mw-redirect" title="Electronic mailing list">electronic mailing list</a> that has superseded <a href="/wiki/Bugtraq" title="Bugtraq">bugtraq</a> to become the de facto forum for disseminating advisories, explains "We don't believe in <a href="/wiki/Security_by_obscurity" class="mw-redirect" title="Security by obscurity">security by obscurity</a>, and as far as we know, full disclosure is the only way to ensure that everyone, not just the insiders, have access to the information we need."<sup id="cite_ref-fulldisc_3-0" class="reference"><a href="#cite_note-fulldisc-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="The_vulnerability_disclosure_debate">The vulnerability disclosure debate</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=1" title="Edit section: The vulnerability disclosure debate"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The controversy around the public disclosure of sensitive information is not new. The issue of full disclosure was first raised in the context of locksmithing, in a 19th-century controversy regarding whether weaknesses in lock systems should be kept secret in the locksmithing community, or revealed to the public.<sup id="cite_ref-hobbs_4-0" class="reference"><a href="#cite_note-hobbs-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> Today, there are three major disclosure policies under which most others can be categorized:<sup id="cite_ref-sans_5-0" class="reference"><a href="#cite_note-sans-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Non-disclosure_agreement" title="Non-disclosure agreement">Non Disclosure</a>, <a href="/wiki/Coordinated_vulnerability_disclosure" title="Coordinated vulnerability disclosure">Coordinated Disclosure</a>, and Full Disclosure. </p><p>The major stakeholders in vulnerability research have their disclosure policies shaped by various motivations, it is not uncommon to observe campaigning, marketing or lobbying for their preferred policy to be adopted and chastising those who dissent. Many prominent security researchers favor full disclosure, whereas most vendors prefer coordinated disclosure. Non disclosure is generally favored by commercial exploit vendors and <a href="/wiki/Hacker_(computer_security)#Black_hat" class="mw-redirect" title="Hacker (computer security)">blackhat hackers</a>.<sup id="cite_ref-Moore2005_6-0" class="reference"><a href="#cite_note-Moore2005-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Coordinated_vulnerability_disclosure">Coordinated vulnerability disclosure</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=2" title="Edit section: Coordinated vulnerability disclosure"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Coordinated_vulnerability_disclosure" title="Coordinated vulnerability disclosure">Coordinated vulnerability disclosure</a> is a policy under which researchers agree to report vulnerabilities to a coordinating authority, which then reports it to the vendor, tracks fixes and mitigations, and coordinates the disclosure of information with stakeholders including the public.<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> In some cases the coordinating authority is the vendor. The premise of coordinated disclosure is typically that nobody should be informed about a vulnerability until the software vendor says it is time.<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-rfc_10-0" class="reference"><a href="#cite_note-rfc-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> While there are often exceptions or variations of this policy, distribution must initially be limited and vendors are given privileged access to nonpublic research.<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> </p><p>The original name for this approach was "responsible disclosure", based on the essay by Microsoft Security Manager Scott Culp “It's Time to End Information Anarchy”<sup id="cite_ref-culp_12-0" class="reference"><a href="#cite_note-culp-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> (referring to full disclosure). Microsoft later called for the term to be phased out in favor of “Coordinated Vulnerability Disclosure” (CVD).<sup id="cite_ref-co-ord_13-0" class="reference"><a href="#cite_note-co-ord-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-mssec_14-0" class="reference"><a href="#cite_note-mssec-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> </p><p>Although the reasoning varies, many practitioners argue that end-users cannot benefit from access to vulnerability information without guidance or patches from the vendor, so the risks of sharing research with malicious actors is too great for too little benefit. As Microsoft explain, "[Coordinated disclosure] serves everyone's best interests by ensuring that customers receive comprehensive, high-quality updates for security vulnerabilities but are not exposed to malicious attacks while the update is being developed."<sup id="cite_ref-mssec_14-1" class="reference"><a href="#cite_note-mssec-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> </p><p>To prevent vendors to indefinitely delaying the disclosure, a common practice in the security industry, pioneered by Google,<sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> is to publish all the details of vulnerabilities after a deadline, usually 90 or 120<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> days reduced to 7 days if the vulnerability is <a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">under active exploitation</a>.<sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Full_disclosure">Full disclosure</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=3" title="Edit section: Full disclosure"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/Locksmithing#Full_disclosure" title="Locksmithing">Locksmithing § Full disclosure</a></div> <p>Full disclosure is the policy of publishing information on vulnerabilities without restriction as early as possible, making the information accessible to the general public without restriction. In general, proponents of full disclosure believe that the benefits of freely available vulnerability research outweigh the risks, whereas opponents prefer to limit the distribution. </p><p>The free availability of vulnerability information allows users and administrators to understand and react to vulnerabilities in their systems, and allows customers to pressure vendors to fix vulnerabilities that vendors may otherwise feel no incentive to solve. There are some fundamental problems with coordinated disclosure that full disclosure can resolve. </p> <ul><li>If customers do not know about vulnerabilities, they cannot request patches, and vendors experience no economic incentive to correct vulnerabilities.</li> <li>Administrators cannot make informed decisions about the risks to their systems, as information on vulnerabilities is restricted.</li> <li>Malicious researchers who also know about the flaw have a long period of time to continue exploiting the flaw.</li></ul> <p>Discovery of a specific flaw or vulnerability is not a mutually exclusive event, multiple researchers with differing motivations can and do discover the same flaws independently. </p><p>There is no standard way to make vulnerability information available to the public, researchers often use mailing lists dedicated to the topic, academic papers or industry conferences. </p> <div class="mw-heading mw-heading3"><h3 id="Non_disclosure">Non disclosure</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=4" title="Edit section: Non disclosure"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Non disclosure is the policy that vulnerability information should not be shared, or should only be shared under non-disclosure agreement (either contractually or informally). </p><p>Common proponents of non-disclosure include commercial exploit vendors, researchers who intend to exploit the flaws they find,<sup id="cite_ref-sans_5-1" class="reference"><a href="#cite_note-sans-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> and proponents of <a href="/wiki/Security_through_obscurity" title="Security through obscurity">security through obscurity</a>. </p> <div class="mw-heading mw-heading3"><h3 id="Debate">Debate</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=5" title="Edit section: Debate"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In 2009, <a href="/wiki/Charlie_Miller_(security_researcher)" title="Charlie Miller (security researcher)">Charlie Miller</a>, Dino Dai Zovi and <a href="/wiki/Alexander_Sotirov" title="Alexander Sotirov">Alexander Sotirov</a> announced at the CanSecWest conference the "No More Free Bugs" campaign, arguing that companies are profiting and taking advantage of security researchers by not paying them for disclosing bugs.<sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup> This announcement made it to the news and opened a broader debate about the problem and its associated incentives.<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="Arguments_against_coordinated_disclosure">Arguments against coordinated disclosure</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=6" title="Edit section: Arguments against coordinated disclosure"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Researchers in favor of coordinated disclosure believe that users cannot make use of advanced knowledge of vulnerabilities without guidance from the vendor, and that the majority is best served by limiting distribution of vulnerability information. Advocates argue that low-skilled attackers can use this information to perform sophisticated attacks that would otherwise be beyond their ability, and the potential benefit does not outweigh the potential harm caused by malevolent actors. Only when the vendor has prepared guidance that even the most unsophisticated users can digest should the information be made public. </p><p>This argument presupposes that vulnerability discovery is a mutually exclusive event, that only one person can discover a vulnerability. There are many examples of vulnerabilities being discovered simultaneously, often being exploited in secrecy before discovery by other researchers.<sup id="cite_ref-ac1d_21-0" class="reference"><a href="#cite_note-ac1d-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup> While there may exist users who cannot benefit from vulnerability information, full disclosure advocates believe this demonstrates a contempt for the intelligence of end users. While it's true that some users cannot benefit from vulnerability information, if they're concerned with the security of their networks they are in a position to hire an expert to assist them as you would hire a mechanic to help with a car. </p> <div class="mw-heading mw-heading4"><h4 id="Arguments_against_non_disclosure">Arguments against non disclosure</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=7" title="Edit section: Arguments against non disclosure"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Non disclosure is typically used when a researcher intends to use knowledge of a vulnerability to attack computer systems operated by their enemies, or to trade knowledge of a vulnerability to a third party for profit, who will typically use it to attack their enemies. </p><p>Researchers practicing non disclosure are generally not concerned with improving security or protecting networks. However, some proponents<sup class="noprint Inline-Template" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Manual_of_Style/Words_to_watch#Unsupported_attributions" title="Wikipedia:Manual of Style/Words to watch"><span title="The material near this tag possibly uses too-vague attribution or weasel words. (June 2022)">who?</span></a></i>]</sup> argue that they simply do not want to assist vendors, and claim no intent to harm others. </p><p>While full and coordinated disclosure advocates declare similar goals and motivations, simply disagreeing on how best to achieve them, non disclosure is entirely incompatible. </p> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Full_disclosure_(computer_security)&action=edit&section=8" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-exposing-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-exposing_1-0">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite id="CITEREFHeiser2001" class="citation web cs1">Heiser, Jay (January 2001). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20060328012516/http://infosecuritymag.techtarget.com/articles/january01/columns_curmudgeons_corner.shtml">"Exposing Infosecurity Hype"</a>. <i>Information Security Mag</i>. TechTarget. Archived from <a rel="nofollow" class="external text" href="http://infosecuritymag.techtarget.com/articles/january01/columns_curmudgeons_corner.shtml">the original</a> on 28 March 2006<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Information+Security+Mag&rft.atitle=Exposing+Infosecurity+Hype&rft.date=2001-01&rft.aulast=Heiser&rft.aufirst=Jay&rft_id=http%3A%2F%2Finfosecuritymag.techtarget.com%2Farticles%2Fjanuary01%2Fcolumns_curmudgeons_corner.shtml&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-schneier-2"><span class="mw-cite-backlink"><b><a href="#cite_ref-schneier_2-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchneier2007" class="citation web cs1">Schneier, Bruce (January 2007). <a rel="nofollow" class="external text" href="https://www.schneier.com/essay-146.html">"Damned Good Idea"</a>. CSO Online<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Damned+Good+Idea&rft.pub=CSO+Online&rft.date=2007-01&rft.aulast=Schneier&rft.aufirst=Bruce&rft_id=https%3A%2F%2Fwww.schneier.com%2Fessay-146.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-fulldisc-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-fulldisc_3-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRose" class="citation web cs1">Rose, Leonard. <a rel="nofollow" class="external text" href="https://wayback.archive-it.org/all/20101223024433/https://lists.grok.org.uk/mailman/listinfo/full-disclosure">"Full-Disclosure"</a>. <i>A lightly-moderated mailing list for the discussion of security issues</i>. Archived from <a rel="nofollow" class="external text" href="https://lists.grok.org.uk/mailman/listinfo/full-disclosure">the original</a> on 23 December 2010<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=A+lightly-moderated+mailing+list+for+the+discussion+of+security+issues&rft.atitle=Full-Disclosure&rft.aulast=Rose&rft.aufirst=Leonard&rft_id=https%3A%2F%2Flists.grok.org.uk%2Fmailman%2Flistinfo%2Ffull-disclosure&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-hobbs-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-hobbs_4-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHobbs1853" class="citation book cs1">Hobbs, Alfred (1853). <i>Locks and Safes: The Construction of Locks</i>. London: Virtue & Co.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Locks+and+Safes%3A+The+Construction+of+Locks&rft.place=London&rft.pub=Virtue+%26+Co.&rft.date=1853&rft.aulast=Hobbs&rft.aufirst=Alfred&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-sans-5"><span class="mw-cite-backlink">^ <a href="#cite_ref-sans_5-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-sans_5-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFShepherd" class="citation web cs1">Shepherd, Stephen. <a rel="nofollow" class="external text" href="https://www.sans.org/reading_room/whitepapers/threats/define-responsible-disclosure_932">"Vulnerability Disclosure: How do we define Responsible Disclosure?"</a>. <i>SANS GIAC SEC PRACTICAL VER. 1.4B (OPTION 1)</i>. SANS Institute<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SANS+GIAC+SEC+PRACTICAL+VER.+1.4B+%28OPTION+1%29&rft.atitle=Vulnerability+Disclosure%3A+How+do+we+define+Responsible+Disclosure%3F&rft.aulast=Shepherd&rft.aufirst=Stephen&rft_id=https%3A%2F%2Fwww.sans.org%2Freading_room%2Fwhitepapers%2Fthreats%2Fdefine-responsible-disclosure_932&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-Moore2005-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-Moore2005_6-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMoore2005" class="citation book cs1">Moore, Robert (2005). <i>Cybercrime: Investigating High Technology Computer Crime</i>. Matthew Bender & Company. p. 258. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/1-59345-303-5" title="Special:BookSources/1-59345-303-5"><bdi>1-59345-303-5</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Cybercrime%3A+Investigating+High+Technology+Computer+Crime&rft.pages=258&rft.pub=Matthew+Bender+%26+Company&rft.date=2005&rft.isbn=1-59345-303-5&rft.aulast=Moore&rft.aufirst=Robert&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ceps.eu/ceps-publications/software-vulnerability-disclosure-europe-technology-policies-and-legal-challenges/">"Software Vulnerability Disclosure in Europe"</a>. <i>CEPS</i>. 2018-06-27<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-10-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=CEPS&rft.atitle=Software+Vulnerability+Disclosure+in+Europe&rft.date=2018-06-27&rft_id=https%3A%2F%2Fwww.ceps.eu%2Fceps-publications%2Fsoftware-vulnerability-disclosure-europe-technology-policies-and-legal-challenges%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWeulen_KranenbargHoltvan_der_Ham2018" class="citation journal cs1">Weulen Kranenbarg, Marleen; Holt, Thomas J.; van der Ham, Jeroen (2018-11-19). <a rel="nofollow" class="external text" href="https://doi.org/10.1186%2Fs40163-018-0090-8">"Don't shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure"</a>. <i>Crime Science</i>. <b>7</b> (1): 16. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.1186%2Fs40163-018-0090-8">10.1186/s40163-018-0090-8</a></span>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/2193-7680">2193-7680</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Crime+Science&rft.atitle=Don%27t+shoot+the+messenger%21+A+criminological+and+computer+science+perspective+on+coordinated+vulnerability+disclosure&rft.volume=7&rft.issue=1&rft.pages=16&rft.date=2018-11-19&rft_id=info%3Adoi%2F10.1186%2Fs40163-018-0090-8&rft.issn=2193-7680&rft.aulast=Weulen+Kranenbarg&rft.aufirst=Marleen&rft.au=Holt%2C+Thomas+J.&rft.au=van+der+Ham%2C+Jeroen&rft_id=https%3A%2F%2Fdoi.org%2F10.1186%252Fs40163-018-0090-8&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html">"Project Zero: Vulnerability Disclosure FAQ"</a>. <i>Project Zero</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2019-10-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Project+Zero&rft.atitle=Project+Zero%3A+Vulnerability+Disclosure+FAQ&rft_id=https%3A%2F%2Fgoogleprojectzero.blogspot.com%2Fp%2Fvulnerability-disclosure-faq.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-rfc-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-rfc_10-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChristey" class="citation web cs1">Christey, Steve. <a rel="nofollow" class="external text" href="https://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00">"Responsible Vulnerability Disclosure Process"</a>. IETF. p. 3.3.2<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Responsible+Vulnerability+Disclosure+Process&rft.pages=3.3.2&rft.pub=IETF&rft.aulast=Christey&rft.aufirst=Steve&rft_id=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-christey-wysopal-vuln-disclosure-00&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ema.europa.eu/en/human-regulatory-overview/research-and-development/compliance-research-and-development/good-manufacturing-practice/guidance-good-manufacturing-practice-and-good-distribution-practice-questions-and-answers">"Guidance on good manufacturing practice and good distribution practice: Questions and answers | European Medicines Agency"</a>. <i>www.ema.europa.eu</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2024-03-01</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.ema.europa.eu&rft.atitle=Guidance+on+good+manufacturing+practice+and+good+distribution+practice%3A+Questions+and+answers+%7C+European+Medicines+Agency&rft_id=https%3A%2F%2Fwww.ema.europa.eu%2Fen%2Fhuman-regulatory-overview%2Fresearch-and-development%2Fcompliance-research-and-development%2Fgood-manufacturing-practice%2Fguidance-good-manufacturing-practice-and-good-distribution-practice-questions-and-answers&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-culp-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-culp_12-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCulp" class="citation web cs1">Culp, Scott. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20011109045330/http://www.microsoft.com/technet/treeview/default.asp?url=%2Ftechnet%2Fcolumns%2Fsecurity%2Fnoarch.asp">"It's Time to End Information Anarchy"</a>. <i>Technet Security</i>. Microsoft TechNet. Archived from <a rel="nofollow" class="external text" href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/noarch.asp">the original</a> on November 9, 2001<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Technet+Security&rft.atitle=It%27s+Time+to+End+Information+Anarchy&rft.aulast=Culp&rft.aufirst=Scott&rft_id=http%3A%2F%2Fwww.microsoft.com%2Ftechnet%2Ftreeview%2Fdefault.asp%3Furl%3D%2Ftechnet%2Fcolumns%2Fsecurity%2Fnoarch.asp&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-co-ord-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-co-ord_13-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin" class="citation web cs1">Goodin, Dan. <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2011/04/19/microsoft_vulnerability_disclosure_policy/print.html">"Microsoft imposes security disclosure policy on all workers"</a>. <i>The Register</i><span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Microsoft+imposes+security+disclosure+policy+on+all+workers&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2011%2F04%2F19%2Fmicrosoft_vulnerability_disclosure_policy%2Fprint.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-mssec-14"><span class="mw-cite-backlink">^ <a href="#cite_ref-mssec_14-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-mssec_14-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMicrosoft_Security" class="citation web cs1">Microsoft Security. <a rel="nofollow" class="external text" href="https://www.microsoft.com/security/msrc/report/disclosure.aspx">"Coordinated Vulnerability Disclosure"</a>. <i><a href="/wiki/Microsoft" title="Microsoft">Microsoft</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141216085920/http://download.microsoft.com/download/2/5/5/255EF667-218D-42B1-84B4-1A21F39BA167/CVD.docx">Archived</a> from the original on 2014-12-16<span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft&rft.atitle=Coordinated+Vulnerability+Disclosure&rft.au=Microsoft+Security&rft_id=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fmsrc%2Freport%2Fdisclosure.aspx&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://about.google/intl/ALL_us/appsecurity/">"About Google's App Security - Google"</a>. <i>about.google</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-05-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=about.google&rft.atitle=About+Google%27s+App+Security+-+Google&rft_id=https%3A%2F%2Fabout.google%2Fintl%2FALL_us%2Fappsecurity%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://zerodayinitiative.com/">"Policy | Zero Day Initiative"</a>. <i>zerodayinitiative.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-05-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=zerodayinitiative.com&rft.atitle=Policy+%7C+Zero+Day+Initiative&rft_id=https%3A%2F%2Fzerodayinitiative.com%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.tenable.com/podcast/reviewing-90-day-responsible-disclosure-policies-in-2022">"Reviewing 90 Day Responsible Disclosure Policies in 2022"</a>. <i>Tenable®</i>. 2022-08-30<span class="reference-accessdate">. Retrieved <span class="nowrap">2023-05-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Tenable%C2%AE&rft.atitle=Reviewing+90+Day+Responsible+Disclosure+Policies+in+2022&rft.date=2022-08-30&rft_id=https%3A%2F%2Fwww.tenable.com%2Fpodcast%2Freviewing-90-day-responsible-disclosure-policies-in-2022&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://seclists.org/dailydave/2009/q2/17">"Dailydave: No more free bugs (and WOOT)"</a>. <i>seclists.org</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-05-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=seclists.org&rft.atitle=Dailydave%3A+No+more+free+bugs+%28and+WOOT%29&rft_id=https%3A%2F%2Fseclists.org%2Fdailydave%2F2009%2Fq2%2F17&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.zdnet.com/article/no-more-free-bugs-there-never-were-any-free-bugs/">"<span class="cs1-kern-left"></span>"No more free bugs"? There never were any free bugs"</a>. <i>ZDNET</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-05-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNET&rft.atitle=%22No+more+free+bugs%22%3F+There+never+were+any+free+bugs&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fno-more-free-bugs-there-never-were-any-free-bugs%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://threatpost.com/no-more-free-bugs-software-vendors-032309/72484/">"No more free bugs for software vendors"</a>. <i>threatpost.com</i>. 2009-03-23<span class="reference-accessdate">. Retrieved <span class="nowrap">2023-05-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=threatpost.com&rft.atitle=No+more+free+bugs+for+software+vendors&rft.date=2009-03-23&rft_id=https%3A%2F%2Fthreatpost.com%2Fno-more-free-bugs-software-vendors-032309%2F72484%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span></span> </li> <li id="cite_note-ac1d-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-ac1d_21-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFB1tch3z" class="citation web cs1">B1tch3z, Ac1d. <a rel="nofollow" class="external text" href="http://seclists.org/fulldisclosure/2010/Sep/268">"Ac1db1tch3z vs x86_64 Linux Kernel"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">29 April</span> 2013</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Ac1db1tch3z+vs+x86_64+Linux+Kernel&rft.aulast=B1tch3z&rft.aufirst=Ac1d&rft_id=http%3A%2F%2Fseclists.org%2Ffulldisclosure%2F2010%2FSep%2F268&rfr_id=info%3Asid%2Fen.wikipedia.org%3AFull+disclosure+%28computer+security%29" class="Z3988"></span><span class="cs1-maint citation-comment"><code class="cs1-code">{{<a href="/wiki/Template:Cite_web" title="Template:Cite web">cite web</a>}}</code>: CS1 maint: numeric names: authors list (<a href="/wiki/Category:CS1_maint:_numeric_names:_authors_list" title="Category:CS1 maint: numeric names: authors list">link</a>)</span></span> </li> </ol></div></div> <!-- NewPP limit report Parsed by mw‐web.codfw.main‐cc877b49b‐9rq4x Cached time: 20241127121607 Cache expiry: 2592000 Reduced expiry: false Complications: [vary‐revision‐sha1, show‐toc] CPU time usage: 0.270 seconds Real time usage: 0.341 seconds Preprocessor visited node count: 1284/1000000 Post‐expand include size: 39249/2097152 bytes Template argument size: 1126/2097152 bytes Highest expansion depth: 12/100 Expensive parser function count: 4/500 Unstrip recursion depth: 1/20 Unstrip post‐expand size: 74130/5000000 bytes Lua time usage: 0.171/10.000 seconds Lua memory usage: 5807672/52428800 bytes Number of Wikibase entities loaded: 0/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 316.502 1 -total 56.41% 178.529 1 Template:Reflist 44.31% 140.250 18 Template:Cite_web 19.04% 60.268 1 Template:Short_description 10.55% 33.391 2 Template:Pagetype 9.85% 31.167 1 Template:Who? 8.27% 26.190 1 Template:Fix 6.42% 20.311 1 Template:About 5.62% 17.799 1 Template:Category_handler 5.27% 16.684 3 Template:Main_other --> <!-- Saved in parser cache with key enwiki:pcache:11586:|#|:idhash:canonical and timestamp 20241127121607 and revision id 1255142311. Rendering was triggered because: page-view --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Full_disclosure_(computer_security)&oldid=1255142311">https://en.wikipedia.org/w/index.php?title=Full_disclosure_(computer_security)&oldid=1255142311</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Category</a>: <ul><li><a href="/wiki/Category:Computer_security_procedures" title="Category:Computer security procedures">Computer security procedures</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:CS1_maint:_numeric_names:_authors_list" title="Category:CS1 maint: numeric names: authors list">CS1 maint: numeric names: authors list</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:All_articles_with_specifically_marked_weasel-worded_phrases" title="Category:All articles with specifically marked weasel-worded phrases">All articles with specifically marked weasel-worded phrases</a></li><li><a href="/wiki/Category:Articles_with_specifically_marked_weasel-worded_phrases_from_June_2022" title="Category:Articles with specifically marked weasel-worded phrases from June 2022">Articles with specifically marked weasel-worded phrases from June 2022</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 3 November 2024, at 10:35<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Full_disclosure_(computer_security)&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-cc877b49b-9rq4x","wgBackendResponseTime":488,"wgPageParseReport":{"limitreport":{"cputime":"0.270","walltime":"0.341","ppvisitednodes":{"value":1284,"limit":1000000},"postexpandincludesize":{"value":39249,"limit":2097152},"templateargumentsize":{"value":1126,"limit":2097152},"expansiondepth":{"value":12,"limit":100},"expensivefunctioncount":{"value":4,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":74130,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 316.502 1 -total"," 56.41% 178.529 1 Template:Reflist"," 44.31% 140.250 18 Template:Cite_web"," 19.04% 60.268 1 Template:Short_description"," 10.55% 33.391 2 Template:Pagetype"," 9.85% 31.167 1 Template:Who?"," 8.27% 26.190 1 Template:Fix"," 6.42% 20.311 1 Template:About"," 5.62% 17.799 1 Template:Category_handler"," 5.27% 16.684 3 Template:Main_other"]},"scribunto":{"limitreport-timeusage":{"value":"0.171","limit":"10.000"},"limitreport-memusage":{"value":5807672,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-cc877b49b-9rq4x","timestamp":"20241127121607","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Full disclosure (computer security)","url":"https:\/\/en.wikipedia.org\/wiki\/Full_disclosure_(computer_security)","sameAs":"http:\/\/www.wikidata.org\/entity\/Q842234","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q842234","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2001-12-05T11:18:22Z","dateModified":"2024-11-03T10:35:23Z","headline":"vulnerability disclosure policy in computer security"}</script> </body> </html>