Subject: RFPolicy for vulnerability disclosure
From: rain forest puppy (rfp WIRETRIP.NET)
Date: Mon Jun 12 2000 - 18:51:26 CDT

I'm not sure if anyone would be interested, but I thought I would give it
a whirl anyway just in case....

I just posted what I've dubbed as 'RFPolicy'. RFPolicy is an initiative to
help establish concrete guidelines for disclosure of security problems.
This was prompted due to many recent responses from vendors such as "we
were never given a chance", or "there is an 'unwritten' standard of
notifying the vendor X days ahead of time", etc.

My intent is not to push this policy onto the community. Everyone can
obviously do whatever they feel like. But *I* will be using this
disclosure policy in all future security disclosures, and I encourage
anyone wishing to use or modify it, to do so.

Feedback on the policy is also welcome. It can be found at:

http://www.wiretrip.net/rfp/policy.html

Thanks,
- rain forest puppy