Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug announcement rule-of-thumb?
- To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
- Subject: Bug announcement rule-of-thumb?
- From: "Stout, Bill" <StoutBPIOS.COM>
- Date: Wed, 12 Aug 1998 12:29:37 -0400
- Reply-To: "Stout, Bill" <StoutBPIOS.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
What is the accepted time-out factor for publishing security bugs? I believe it's a common rule to allow up to 30 days for vendor response before announcing it to the media, though this may be too long to meet security needs. Russ uses a 14-day grace period, though most large companies might not move that fast. I believe the latest Eudora bug announcement allowed less than 7 days. For the sake of the list, please reply off-line, I'll attempt to summarize all replies in one post. Bill Stout ____________________________________________________________ Facinating. http://www.haarp.alaska.edu/ Must be expensive.
- Prev by Date: Re: obtain domain users password via asp server variable
- Next by Date: Re: ISS vs. CyberCop - My findings.
- Prev by thread: Re: obtain domain users password via asp server variable
- Next by thread: Netbus