Bob Maley writes:
If you have been following the blogosphere recently, you may have read that I used to be the chief information security officer for the Commonwealth of Pennsylvania, having been dismissed for speaking about security without specific permission. We won’t go into that here, but the incident begs the question if sharing about security incidents can be valuable and should be encouraged. If you wish to discuss the ethical ramifications of such sharing, Upasana Gupta has a good entry about that. This discussion will be on the value.
At the RSA 2010 Conference in San Francisco in March, I used an incident that had occurred involving a Pennsylvania Department of Transportation system as an example in my talk. First, let me make it clear that the incident was closed, the vulnerability in the system had been fixed and at no time was citizen data ever at risk.
Read more on GovInfoSecurity.com