This is BrainLog, a blog by Dan Sanderson. Older entries, from October 1999 through September 2010, are preserved for posterity, but are no longer maintained.

November 15, 2001

Bruce Schneier on bug secrecy vs. full disclosure. When dangerous security holes are found in software, should information about the holes be publicized widely as soon as possible, or should the information be kept quiet so that would-be exploiters of the holes are less likely to be made aware of them while the software vendor works on a fix? Computer security and cryptography mega-guru Schneier summarizes the debate quite nicely.