Jump to content
Tuts 4 You

RIP Full Disclosure...


Recommended Posts

Today is a sad day for the security community. Hmm, is there such thing as "security community" after all?

So long, and thanks for all the fish..



Administrivia: The End

From: John Cartwright <johnc () grok org uk>

Date: Wed, 19 Mar 2014 10:30:15 +0000


When Len and I created the Full-Disclosure list way back in July 2002,

we knew that we'd have our fair share of legal troubles along the way.

We were right. To date we've had all sorts of requests to delete

things, requests not to delete things, and a variety of legal threats

both valid or otherwise. However, I always assumed that the turning

point would be a sweeping request for large-scale deletion of

information that some vendor or other had taken exception to.

I never imagined that request might come from a researcher within the

'community' itself (and I use that word loosely in modern times). But

today, having spent a fair amount of time dealing with complaints from

a particular individual (who shall remain nameless) I realised that

I'm done. The list has had its fair share of trolling, flooding,

furry porn, fake exploits and DoS attacks over the years, but none of

those things really affected the integrity of the list itself.

However, taking a virtual hatchet to the list archives on the whim of

an individual just doesn't feel right. That 'one of our own' would

undermine the efforts of the last 12 years is really the straw that

broke the camel's back.

I'm not willing to fight this fight any longer. It's getting harder

to operate an open forum in today's legal climate, let alone a

security-related one. There is no honour amongst hackers any more.

There is no real community. There is precious little skill. The

entire security game is becoming more and more regulated. This is all

a sign of things to come, and a reflection on the sad state of an

industry that should never have become an industry.

I'm suspending service indefinitely. Thanks for playing.


- John

Link to comment
Share on other sites

...and a new list was born...

Administrivia: A Fresh Start

From: Fyodor <fyodor () nmap org>

Date: Tue, 25 Mar 2014 18:07:20 -0700

It hasn't even been a week since John quit running the Full-Disclosure list and I already miss it! He did a great job managing the list for almost 12 years and more than 91,500 posts. We certainly owe him our thanks and appreciation.

When I mailed John recently asking how I could help, he said he was through with the list but "if you want to start a replacement, go for it." So here we are. I already deal with (or ignore) many legal threats and removal demands since I've long run the most popular Full Disclosure web archive (http://seclists.org/fulldisclosure/), and I already run mail servers and Mailman software for my other lists (like Nmap dev and Nmap announce). I love the Full Disclosure philosophy and movement, so I've started a new list! Here is the announcement and mailman page:



While this is a successor list in spirit, it is also a fresh start in that the old userbase won't carry over. Anyone who wants to continue with the list needs to resubscribe at one of the URLs above.

If I can do this for as long as John did, and with anywhere near his skill, I will consider it a success. I'll recruit a team of volunteer moderators from the active list members because this needs to be run by and for the community!



  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...