Schneier: Keeping software vulnerabilities secret, the argument goes, keeps them out of the hands of hackers. Schneier says full disclosure is the only reliable way to improve security, while secrecy only makes us less secure. Hackers have proven to be quite adept at discovering secret vulnerabilities, the only reason vendors routinely patch their systems. To a software company, vulnerabilities are largely an externality to the user, not the vendor, says Schneier. He says public scrutiny is how security improves, whether we’re talking about software or airport security.”]
Source: https://www.csoonline.com/article/2121554/bruce-schneier-on-disclosure–all-or-nothing.html