"October was a bad month for proponents of full
disclosure. First, Microsoft's Scott Culp argued in an essay that
security researchers shouldn't reveal the nature of security holes
in software. Then Culp may have found an unexpected ally in his war
against full disclosure: Linux's second-in-command, Alan Cox.
Cox's decision to delete security-related material from the
Linux kernel changelog seems almost to honor Culp's request that we
suppress information useful to attackers.
While at least some of the security changes made in the
prerelease of the 2.2.20 Linux kernel have already been discussed
elsewhere, Cox claims that describing these changes might be in
violation of the same anti-circumvention provisions of the Digital
Millennium Copyright Act (DMCA) used to prosecute Russian
programmer Dmitri Sklyarov, and cited by Professor Felten in
initial decision not to publish a paper describing weaknesses in