Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Prominent security mailing list Full Disclosure shuts down indefinitely

Lucian Constantin | March 20, 2014
The popular Full-Disclosure mailing list that has served as a public discussion forum for vulnerability researchers for the past 12 years was suspended indefinitely by its maintainer.

It's not clear what was the nature of the content that the unnamed researcher tried to get removed from the list. Cartwright did not immediately respond to an inquiry seeking additional information and whether he has any plans to hand over the list to someone else in the future.

Danish vulnerability intelligence firm Secunia, which hosted and sponsored the Full Disclosure mailing list since 2005, did not comment on Cartwright's decision to shut down the list, but a representative said via email that the company has no plans of re-launching it as a Secunia-branded service.

The closure of the Full-Disclosure list is a very sad milestone for the information security industry because the list used to be one of the most reliable sources of security and hacking information, according to Ilia Kolochenko, the CEO of Geneva-based security firm High-Tech Bridge.

"But those days are gone and skilled hackers — both Black and White Hats — are no longer motivated to inform the public of their findings and exploits for free," he said via email. "They either work for vulnerability research companies like Vupen, participate in bug-bounties or simply sell 0days on the hacker black market. Obviously Full-Disclosure cannot exist without high-quality content, so I think this is why John Cartwright's decision to suspend the Full-Disclosure list is entirely reasonable, but still sad."

Carsten Eiram, the chief research officer at security intelligence firm Risk Based Security, said he is also sorry that the list is closing down because it's needed as much today as when it was launched.

"It was an unmoderated (later lightly moderated), unbiased, and independent list not controlled by a commercial entity. That is important, and it has always been my preferred list to publish vulnerability findings and similar to," Eiram said via email.

"The importance of the list was also why we decided to sponsor it back in March 2005 while I was at Secunia, when it needed a new sponsor," Eiram said. "Today at RBS [Risk Based Security], we're actually reaching out to John to hear, if we can somehow help keep it going without impacting the integrity or independence of the list."


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.