Information Security News mailing list archives

Re: Disclosure Guidelines For Bug-Spotters Proposed


From: InfoSec News <isn () c4i org>
Date: Mon, 25 Feb 2002 02:42:06 -0600 (CST)

Forwarded from: John Q. Public <tpublic () dimensional com>

Just because you have a state-sponsored religion doesn't mean you'll
convert everyone.

I commend Steve and Chris for attempting this, but without a LOT of
compromise, people are still going to bicker about which way is right.

And we all know MS doesn't utilize RFCs to the letter, they tend to
add their own features and break functionality for their own needs.  
Just an example of how well RFCs are upheld in the real world.

Don't get me wrong, I'll go read it, but I'm sure I can come up with a
handful of people who will love it and equally as many who will hate
it.

.nhoJ

On Fri, 22 Feb 2002, InfoSec News wrote:

|http://www.newsbytes.com/news/02/174683.html
|
|By Steven Bonisteel, Newsbytes
|CAMBRIDGE MASSACHUSETTS, U.S.A.,
|21 Feb 2002, 5:21 PM CST
| 
|A pair of computer security researchers are seeking comments on a
|proposal to bring order to the reporting and fixing of security holes
|in software, a process that frequently takes place in adversarial
|arenas.
|
|In a document known as an Internet Draft submitted to the Internet
|Engineering Task Force (IETF), Steve Christey of MITRE and Chris
|Wysopal of @stake outline what could become standard procedures for
|both bug hunters and software vendors when dealing with newly
|discovered vulnerabilities.
| 
|The "Responsible Disclosure Process" Internet Draft comes as even
|Internet security sleuths themselves continue to debate how quickly
|they should publish their reports and how detailed they should be.  
|Meanwhile, software giant Microsoft Corp. has been the most vocal
|among vendors who have criticized the bug hunters for reporting
|problems before they are patched.
|
[...]
|
|The full Internet Draft can be found here:  
|http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt


