> If there was working Usenet search in 2018, you could find me making approximately the same argument back in the 1990s, when I worked as a researcher at SNI, the world's first commercial vulnerability research lab.
This being a controversial topic straight at the intersection of technology, the way it changed and affected society, the public good and our dependence on technology, I really don't think that "I haven't changed my mind about this in 28 years" supports your argument ...
And honestly I would say that whether I agree or not.
I wasn't working in security but I definitely moved my opinion on the matter. In the (late) 90s I was mostly for full public disclosure arguing the same "we're better off when we have the most information available to us". But today I'm leaning way more towards "responsible disclosure is good" (as you can tell I'm also not 100% black-and-white on the matter like you said you are).
Maybe it's because I was younger then and had more of a reckless mentality and an innocent belief that people will make the right choices given enough information.
Maybe it's because in the past 28 years technology has changed our society to such an extent that impact of security vulnerabilities is rather incomparable to the impact they had back then.
Maybe it's because I definitely don't believe that you can defend this opinion with the very same arguments that were used back then without even addressing the spread of information technology and the drastic way they altered society in the past 28 years.
Maybe it's because I now realise that I myself am not always better off with more information if I can't act on it, and therefore it's not reasonable to assume it as a general rule. Which is very much something I had yet to learn 28 years ago, had to swallow some pride. I wish everybody was a clever as I was back then ...
This being a controversial topic straight at the intersection of technology, the way it changed and affected society, the public good and our dependence on technology, I really don't think that "I haven't changed my mind about this in 28 years" supports your argument ...
And honestly I would say that whether I agree or not.
I wasn't working in security but I definitely moved my opinion on the matter. In the (late) 90s I was mostly for full public disclosure arguing the same "we're better off when we have the most information available to us". But today I'm leaning way more towards "responsible disclosure is good" (as you can tell I'm also not 100% black-and-white on the matter like you said you are).
Maybe it's because I was younger then and had more of a reckless mentality and an innocent belief that people will make the right choices given enough information.
Maybe it's because in the past 28 years technology has changed our society to such an extent that impact of security vulnerabilities is rather incomparable to the impact they had back then.
Maybe it's because I definitely don't believe that you can defend this opinion with the very same arguments that were used back then without even addressing the spread of information technology and the drastic way they altered society in the past 28 years.
Maybe it's because I now realise that I myself am not always better off with more information if I can't act on it, and therefore it's not reasonable to assume it as a general rule. Which is very much something I had yet to learn 28 years ago, had to swallow some pride. I wish everybody was a clever as I was back then ...