Can You Rate Security Disclosures Like eBay Feedback?
from the use-the-community dept
Computer security has been in the news again a lot recently. It never seems to go away, but the flow of articles rises and falls over time. One of the big issues, though, is on the disclosure of information concerning security issues. While many people think there needs to be more disclosure, the fear is that the information flow would be overwhelming, and the opposite of the intended effect would occur. Instead of getting information out quickly, it would simply hide the important security disclosures amongst all the muck. At a panel discussion recently, though, someone suggested that security disclosures could be ranked on an eBay-style feedback system, to help let the overall community separate the important disclosures from the junk (and marketing-disguised-as-a-security-alert). Of course, lots of communities have tried to build up trust metrics based on eBay’s, and it’s not always easy to get it working well. It really requires community commitment, and that can be difficult to get.