[ISN] Full Disclosure Mailing List: A Fresh Start

http://insecure.org/news/fulldisclosure/

March 25, 2014

Like many of us in the security community, I (Fyodor) was shocked last week by John Cartwright’s abrupt termination of the Full Disclosure list which he and Len Rose created way back in July 2002. It was a great 12-year run, with more than 91,500 posts during John’s tenure. During that time he fought off numerous trolls, DoS attacks, spammers, and legal threats from angry vendors and researchers alike. John truly deserves our appreciation and thanks for sticking with it so long!

Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete. They say researchers should just Tweet out links to advisories that can be hosted on Pastebin or company sites. I disagree. Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future. Jericho from OSVDB and Attrition elaborates further in this great post.

Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: “you don’t need me. If you want to start a replacement, go for it.” After some soul searching about how much I personally miss the list (despite all its flaws), I’ve decided to do so! I’m already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run Seclists.org, which has long been the most popular archive for Full Disclosure and many other great security lists. I already maintain mail servers and Mailman software because I run various other large lists including Nmap Dev and Nmap Announce.

[…]



