Risks, vulnerabilities and threats

Pete Lindstrom points back to Robert Graham, who originally posted his well-reasoned thoughts on that old topic, full disclosure. Rudeness, risk and vulnerability disclosure But there is another more important aspect to security research that gets ignored quite frequently – risk. I believe that if not all, then almost all “whitehat” security researchers are focused on the vulnerability part of the risk equation in their attempts to reduce risk. But the ultimate consequences, in the form of compromises, is largely overlooked.