Show simple item record

dc.contributor.advisorMurdock, Richarden_US
dc.creatorGoens, Tami Marieen_US
dc.date.accessioned2011-01-11T19:14:28Z
dc.date.available2011-01-11T19:14:28Z
dc.date.issued2001en_US
dc.identifier.urihttp://hdl.handle.net/1811/47507
dc.description.abstractBugTraq, a popular mailing list now hosted by securityfocus.com, was founded in 1993 to provide a forum for open publication of computer and network security vulnerabilities. Due primarily to the rapid pace of software development and the proliferation of the Internet, there has been a shift away from keeping computer security vulnerabilities private. Prior to such mailing lists as BugTraq, information on computer and network security vulnerabilities remained in the hands of a few, primarily computer security researchers and the underground criminal element. Retaliation to this form of private information has led many working in computer security to adopt what has become known as full disclosure. The practice of publicly disclosing computer security vulnerabilities has led to a heated debate, as there are both positive and negative consequences of releasing such information to the masses. The goal of this distinction project is to determine the attitudes that those in the computer security community currently hold regarding issues surrounding full disclosure. Two hypotheses are tested. First, a majority of those in the computer security field support the full disclosure model of disseminating vulnerability information and second, attitudes on the full disclosure debate will vary across participation in different computer security circles. In order to test these hypotheses, opinions from users of full disclosure information and computer security practitioners were solicited through use of an on-line survey. Survey links were distributed through the FBI-coordinated computer security organization, InfraGard, the Information Systems Security Association, and the popular full disclosure mailing list, BugTraq.en_US
dc.language.isoen_USen_US
dc.publisherThe Ohio State Universityen_US
dc.relation.ispartofseriesThe Ohio State University. Department of Accounting and MIS Honors Theses; 2001en_US
dc.titleFull disclosure of computer security vulnerabilities: an examination of the debateen_US
dc.typeThesisen_US


Files in this item

Thumbnail

Items in Knowledge Bank are protected by copyright, with all rights reserved, unless otherwise indicated.

This item appears in the following Collection(s)

Show simple item record