Full-Disclosure is a popular open mailing list for security disclosure that first got started in 2002, and over the years it has become a valuable source of security information. On March 19, however, John Cartwright, the founder of Full-Disclosure, decided it was time to pull the plug. Cartwright complained that he was getting a lot of takedown requests from a security researcher and, in general, he wasn’t very pleased with the current state of the information security community.
Not everyone shares Cartwright’s views, and many in the information security community wanted Full-Disclosure to return (and you can count me in that list). On March 25, security researcher Gordon Lyon, who is well-known in the information security world as “Fyodor,” emerged as Full-Disclosure’s savior.
Fyodor is widely respected for his security efforts; he is the creator of the popular open-source Nmap security scanner that has been in the market since 1997.
“Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete,” Fyodor wrote. “They say researchers should just Tweet out links to advisories that can be hosted on Pastebin or company sites. I disagree. Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future.”