What's your position on full disclosure of vulnerabilities?

The only reason that software companies are paying attention to vulnerabilities and issuing patches is because of full disclosure. Before researchers started publishing vulnerabilities publicly, software companies would routinely deny that the vulnerabilities existed. Full disclosure is what's getting them to take security seriously, and it's what's keeping them honest. Yes, it also helps the bad guys. But the benefits grossly outweigh the disadvantages. [Bruce Schneier, from Computerworld]