From: Thees Peereboom 

Geo,

It looks to me that the first part of your msg:

---------------startquote
>I believe in full disclosure, without that vendors have too much power to
>snuff out the information so nobody knows how exposed they are, and it's in
>the vendors interest to do this because it looks bad for them when an
>exploit is discovered.

---------------endquote

is in sheer contradiction with the second part:

---------------startquote
>Back to the open/closed source thing for a moment though..
>
>One of the things I learned while learning to hack was that if you can
>download and install whatever it is you are trying to hack, the job becomes
>a whole lot easier. If you can look inside it (read the source code) I
>believe it becomes even easier if you know what you are looking at.
>
>As an example, suppose I wanted to crack a remote desktop type app. If it
>were PCanywhere best I could do is buy a copy of it and try messing with it.
>If it were an open source remote desktop, I could download it free, download
>the source, and use the source as a starting point in writing an exploit or
>brute force password cracker. To my mind that is a huge advantage to a
>hacker.
---------------endquote

If you want to avoid too much knowledge to prevent ill-use, it can only be
one out of two, right?

- Thees Peereboom

--- BBBS/NT v4.01 Flag-4