Full disclosure (computer security) : Wikipedia, English edition
Full disclosure (computer security)

In the field of computer security, independent researchers often discover flaws in software that can be abused to cause unintended behaviour; these flaws are called vulnerabilities. The process by which the analysis of these vulnerabilities is shared with third parties is the subject of much debate, and is referred to as the researcher’s ''disclosure policy''. Full disclosure is the practice of publishing analysis of software vulnerabilities as early as possible, making the data accessible to everyone without restriction. The primary purpose of widely disseminating information about vulnerabilities is so that potential victims are as knowledgeable as those who attack them.

In his essay on the topic, Bruce Schneier stated "Full disclosure -- the practice of making the details of security vulnerabilities public -- is a damned good idea. Public scrutiny is the only reliable way to improve security, while secrecy only makes us less secure". Leonard Rose, co-creator of an electronic mailing list that has superseded bugtraq to become the de facto forum for disseminating advisories, explains "We don't believe in security by obscurity, and as far as we know, full disclosure is the only way to ensure that everyone, not just the insiders, have access to the information we need."
== The vulnerability disclosure debate ==

The controversy around the public disclosure of sensitive information isn't new. The issue of full disclosure was first raised in the context of locksmithing, in a 19th-century controversy regarding whether weaknesses in lock systems should be kept secret in the locksmithing community, or revealed to the public. Today, there are three major disclosure policies under which most others can be categorized: Non Disclosure, Coordinated Disclosure, and Full Disclosure.
The major stakeholders in vulnerability research have their disclosure policies shaped by various motivations, and it is not uncommon to observe them campaigning, marketing or lobbying for their preferred policy to be adopted, and chastising those who dissent. Many prominent security researchers favor full disclosure, whereas most vendors prefer coordinated disclosure. Non disclosure is generally favoured by commercial exploit vendors and blackhat hackers.

Excerpt source: Wikipedia, the free encyclopedia