UMass Lowell
Computer Science Colloquium 
Announcement
 
 
 
 
 
Speaker:  Richard M. Smith
          Internet Security and Privacy Consultant
          http://www.ComputerBytesMan.com
Date:     December 11, 2002
Time:     3:30pm--4:30pm
Place:    Olsen 311
          Refreshments are served at 3:15pm

 

The Pros and Cons of Full Disclosure in Computer Security
 

What is the right public forum for talking about security holes in software products?  The computer security community regularly debates this controversial question.  Advocates of full disclosure claim that a full public discussion of security holes is the only way to get software vendors to provide software patches in a timely manner.  Detractors point out that full disclosure ends up providing tools and techniques to hackers, virus writers, and script kiddies for mounting cyberattacks. In his talk, Smith will take a closer look at the history of full disclosure, when it works, and when it does not.  He will discuss some of the economic and cultural incentives that keep full disclosure alive.  He will also offer some alternatives to full disclosure as practiced by security researchers today.

 

 

Colloquium Coordinator: Jie Wang, wang@cs.uml.edu

Website: http://www.cs.uml.edu/~wang/colloquia/