
Full disclosure movement

Most hackers believe that posting working code that takes advantage of vulnerabilities in a popular program or system will hasten the developers' release of an update or a patch to correct the issue.

It's considered good practice to give developers some time to fix the problem and issue patches before full disclosure. This time shouldn't be too long, and it certainly shouldn't be extendable. A few days, no longer than a week, is considered a good deadline for most simple problems (buffer overflows, etc.); a longer time may be given if the problem is particularly deep.

The threat of full disclosure has proved to be a very good guarantee that developers will take care of a problem in a timely manner.

See also Hacker, Hacker ethic.