It's a sad day for security research. After nearly twelve years of operation, the Full Disclosure mailing list is closing due to mounting drama and pressure.
In a final post on Wednesday, list co-creator John Cartwright said that recent calls to remove content from the list archives - by one of the security community's own - became the straw that broke the camel's back.
"To date we've had all sorts of requests to delete things, requests not to delete things, and a variety of legal threats both valid or otherwise. However, I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.
"I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done...
"... taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back."
Over the last eleven-plus years, the Full Disclosure mailing list has been the source of many serious vulnerability disclosures. However, the list has also been the source of in-fighting within the community.
Believers in responsible disclosure, a key process to being paid for vulnerability hunting, have also made their opinions known from time to time.
In addition, there have been trolls and others who lurked on the list for their own personal amusement, e.g. n3td3v, and vendors who worked to have things removed over the years because they were rightfully embarrassed by what was posted there. However, as is the case of a recent issue involving YouTube, the list has also seen its share of researchers who think they've discovered something big, (seeking their fifteen minutes of fame), only to discover that the issue isn't what they've made it out to be.
Concluding his final address to the mailing list, Cartwright had some final thoughts on the InfoSec community:
"There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry."
Full Disclosure archives are available here.