by jtbayly 2529 days ago
You left out the biggest part of full disclosure in my opinion. The reason for full disclosure is that those who are affected by a security flaw in a product they are using have a right to know about the dangers of that piece of software.

But once I put that down in writing I discovered you are right about the difference in this instance.

The person who has the right to know about the flaw in this instance is the list of people whose accounts were compromised. Giving it to the general public is to further victimize them, rather than help them protect themselves.


I don't think that's the most important part. Rather:

Full disclosure can also protect previously unaffected / potential future customers, by warning them of companies that have been so lax with their security that they've been breached.

So to achieve a comparable upside to full disclosure, HIBP needs to also make aggregate data publicly available. Which they do:

https://haveibeenpwned.com/PwnedWebsites