A study of more than 300 companies, published last week, found that nearly 80 percent of them support security consultants and hackers releasing information about software vulnerabilities even when the developers aren't prepared, and that they want news of potential flaws within a week.
The desire for greater and more rapid disclosure comes more out of spite than as a way to increase security. Slightly more than half of those in favor of disclosure seemed to support it as a way to embarrass software companies that haven't done an adequate job busting bugs in their programs, rather than as a way to protect themselves against future attack.
News source: ZDNet