"Vulnerability disclosure policies have become a hot topic in
recent years. Security researchers generally practice "responsible
disclosure", which involves privately notifying affected software
vendors of vulnerabilities. The vendors then typically address the
vulnerability at some later date, and the researcher reveals full
details publicly at or after this time.

"A competing philosophy, "full disclosure", involves the
researcher making full details of a vulnerability available to
everybody simultaneously, giving no preferential treatment to any

"The argument for responsible disclosure goes briefly thus: by
giving the vendor the chance to patch the vulnerability before
details are public, end users of the affected software are not put
at undue risk, and are safer. Conversely, the argument for full
disclosure proceeds: because a given bug may be under active
exploitation, full disclosure enables immediate preventative
action, and pressures vendors for fast fixes. Speedy fixes, in
turn, make users safer by reducing the number of vulnerabilities
available to attackers at any given time."