Security Basics mailing list archives
Re: Proper vulnerability disclosure process ????
From: InfoSecBOFH <infosecbofh () gmail com>
Date: Wed, 14 Dec 2005 09:03:07 -0800
A bit dated but good: http://www.wiretrip.net/rfp/policy.html

On 12/14/05, vipul kumra <vikumar2 () yahoo com> wrote:

Hi,

Could anyone please throw some light on what is the proper vulnerability disclosure process? Also, are there any legal implications if this is not done correctly (ethically)? How many days should someone wait if the company which owns the vulnerable product doesn't respond back? Is there a standard way (industry protocol) for vulnerability disclosure?

Best Regards
Vipul Kumra

-----------
"I repeat: complexity is the worst enemy of security. Secure systems should be cut to the bone and made as simple as possible. There is no substitute for simplicity. Unfortunately, simplicity goes against everything our digital future stands for."
Bruce Schneier

Current thread:
- Proper vulnerability disclosure process ???? vipul kumra (Dec 14)
- Re: Proper vulnerability disclosure process ???? InfoSecBOFH (Dec 16)
- Re: Proper vulnerability disclosure process ???? Mike Caudill (Dec 17)