
Hm, not quite sure. There was a "full disclosure" vs "non FD" going on there and it's a pretty big political argument if you wanna see it as one. So in a sense, it was not just rm -rf / as you say... It was a little more than that :-)



cDc and L0pht had very little to do with the "full disclosure" debate. More than anything else, that was '90s Bugtraq.

(L0pht obviously had a side in the full disclosure "debate", but they didn't have much to do with the outcome of the debate. I don't recall anyone serious taking the opposing side on full disclosure, by the way; that outcome was a foregone conclusion.)


> that outcome was a foregone conclusion.

Can you expand on this? I'd say the outcome has been the opposite of the foregone conclusion, unless I've misinterpreted you. FD seemed like the "of course it's this way" option (unless I misremember), but that's not where we are today.


Do we mean different things by FD? Would you say we're not FD because researchers are incentivized to collaborate privately with companies to resolve vulnerabilities?

What I'd say is that today, few people bat an eyelash if a researcher does a detailed writeup of how a vulnerability and its exploit work (for instance, look at the Google security blog). That wasn't true in the 1990s: if a company of Google's stature had published something like that, it would have been controversial and newsworthy.

I'd suggest FD prevailed because it's relatively safe to publish vulnerabilities today; in fact, it's a career booster.

During the FD debate, there were "important" people suggesting that all vulnerabilities be routed to organizations like CERT, which had as a charter the concealment of vulnerability details.


OK. I think full disclosure isn't quite the norm. More like "FD is tolerated" than "FD prevailed". Project Zero is kind of remarkable. But I suspect we're putting different emphasis on the word full.


@pea isn't talking about cDc and/or L0pht, he is talking about h0h0 and phrack.ru ... They wrote some tools to expose honeypots that were used to find 0-days, and also released (phrack.ru) a 'fake' phrack version with some interesting content nevertheless.


Yeah you're right for phrack. I never got why it was such a HUUUUGE issue for them. h0no was straight nihilist though.. http://shootingsawk.lescigales.org/h0no/h0no3.txt



