Security Basics mailing list archives

Re: Proper vulnerability disclosure process ????


From: InfoSecBOFH <infosecbofh () gmail com>
Date: Wed, 14 Dec 2005 09:03:07 -0800

A bit dated but good

http://www.wiretrip.net/rfp/policy.html

On 12/14/05, vipul kumra <vikumar2 () yahoo com> wrote:
Hi,

Could anyone please throw some light on what the
proper vulnerability disclosure process is? Also, are
there any legal implications if this is not done
correctly (ethically)? How many days should someone
wait if the company which owns the vulnerable product
doesn't respond back?

Is there a standard way (industry protocol) for
vulnerability disclosure?

Best Regards

Vipul Kumra
-----------
"I repeat: complexity is the worst enemy of security.
Secure systems should be cut to the bone and made as
simple as possible. There is no substitute for
simplicity. Unfortunately, simplicity goes against
everything our digital future stands for." Bruce
Schneier

