Info disclosure in the corporate world

A while back I posted a few corporate lessons in my old blog. Although humorous in nature, the lessons are quite valid in some cases. Take for instance Yahoo! and how it violated Corporate Lesson 1. :)

On a more serious note, management should be always careful when disclosing information about its security practices. After all it is a global information disclosure and should be carefully evaluated before releasing too much sensitive data that can leave the organization vulnerable. If you run this in parallel with software security, it is the classical info disclosure bug that exposes the inner workings of the application and can aid an attacker into further compromising it.