Between 2004 and 2014 a debate took place over the future of Full-Disclosure Mailing List in the United Kingdom.

Saturday, 23 August 2014

It is correct that Full-Disclosure Mailing List is closed in the United Kingdom.

I saw it as a real threat to our cyber security in the United Kingdom that put criminals at an advantage.

To post technical software vulnerabilities without permission cannot be justified.

Friday, 22 August 2014

Supporters of Full-Disclosure Mailing List tried to paint security specialist Andrew Wallace in a bad light. The fact is we are better without it in the United Kingdom.

To post technical software vulnerabilities without permission cannot be justified. It is immoral and laws should be changed.

The sophistication of the smear against me included a PDF report by Neal Krawetz of HackerFactor, a news article by Robert Lemos of Symantec's SecurityFocus, and a book written by Jayson E. Street and published by Syngress.

I have considered taking legal action against people and organisations over the whole thing. At the moment I haven't bothered with any kind of compensation.

I'm satisfied for the moment with the closure of the mailing list in the United Kingdom.

Andrew Wallace took on Full-Disclosure Mailing List administrators.

After years of the security specialist being against the practice of posting technical software vulnerabilities without permission, the owners gave in to pressure and closed the mailing list in the United Kingdom.

Andrew is available for public speaking engagements.

The posting of technical software vulnerabilities without permission is controversial and often sparks debate.

Only criminals are at an advantage. We as a responsible cyber security community should not support it.

If a mailing list is the only way for you to find out about vulnerabilities then you have a bigger problem.

Some people saw the mailing list as a form of entertainment. I didn't. I saw it as a real threat to our cyber security in the United Kingdom that put criminals at an advantage.

It is correct that Full-Disclosure Mailing List is closed in the United Kingdom.

It is not British to post technical software vulnerabilities without the permission of the vendor to the internet.

Cyber security experts have thanked me for contributing to the closure of the mailing list.

It is now based somewhere in the United States.

It is not polite to post technical software vulnerabilities without the permission of the vendor.

The threat the mailing list poses could still have an impact on our national security and is monitored by cyber security experts.

We've seen that technical software vulnerabilities can be dangerous in the wrong hands. We need to work to counteract the threat "full disclosure" as an ideology poses.

UK Government class technical software vulnerabilities as a tier 1 threat to the United Kingdom.

Some cyber security experts have tried to legitimise the use of posting technical software vulnerabilities without permission as a way to get vendors to patch vulnerabilities quicker.

Overall the majority of people are against the practice.

Monday, 24 March 2014

The decision to close Full-Disclosure Mailing List

John Cartwright said "I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.

I never imagined that request might come from a researcher within the 'community' itself. Having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done."

In response Andrew Wallace said "Full-Disclosure Mailing List was being used against private sector, public sector, academia and individuals and little was done to remove things that shouldn't be there in enough time.

The list was nothing to do with responsible or full disclosure. True responsible and full disclosure can happen elsewhere from now on."