Katie Moussouris writes:
…
The year 1853 called. They want their disclosure debate back.A locksmith living over 150 years ago named Alfred Charles Hobbs said it beautifully when discussing whether revealing lock-picking techniques publicly was acceptable: “Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery.”
The irony that the modern lock manufacturers have not learned the lessons of their industrial-age forebears indicates that we haven’t sufficiently shifted the norms of vendor behavior in over a century and a half or more.
…
As Katie details in her post, the attitude that vulnerabilities should be kept secret, persists even to this day.
She points out that incentives can help with the discovery of bugs, see: HackerOne Now Offers Bounties For New Bug Discovery Tools And Techniques.
Are you ready to update your 150 year old disclosure of vulnerability policy?
If not, then you have chosen for hackers to win the cybersecurity war.