Disclosure of vulnerabilities
21 Oct 2005 - Dave
For more than a decade the cry has been for vendors of software to publicly document vulnerabilities within their applications….
And now for a new opinion… maybe that wasn’t such a good idea, says one of O’Reilly’s gurus. While there are pluses and minuses on both sides of the argument, I do not think that really matters. IMHO the author of these comments is swayed more by the behavior of Apple. Apple is always tight-lipped concerning any news regarding their stuff. The author is only trying to avoid being too much of a hypocrite.
From one perspective — non-disclosure would all but eliminate most of the would-be cyber-criminals who simply wait for a vendor to post a vulnerability. Script-kiddies best describes them. These types correctly assume that most folks will not patch their computers even if a fix is available. The question I would pose is what percentage of the malicious software do the script-kiddies create.