Information Security News mailing list archives
Re: Security Bug Disclosure Standard Dead In The Water
From: InfoSec News <isn () c4i org>
Date: Wed, 20 Mar 2002 03:13:47 -0600 (CST)
Forwarded from: John Q. Public <tpublic () dimensional com>

On Tue, 19 Mar 2002, InfoSec News wrote:

|http://www.newsbytes.com/news/02/175273.html
|
|By Brian McWilliams, Newsbytes
|BURLINGTON, MASSACHUSETTS, U.S.A.,
|18 Mar 2002, 2:26 PM CST
|
|Proponents of an effort to standardize the handling of computer
|security vulnerabilities today aborted the effort after receiving
|critical comments from reviewers.

This makes me wonder if there was any thought put into multiple "standards" that would allow for organizations to pick one and stick with it. I believe there does need to be a concrete set of rules for security folks, but I don't think that one set of rules will fit everybody's position.

I would not be surprised if we had up to three "choices" and each were adopted in nearly equal amounts. At least then, there would be steps and policies that each group should abide by, and would help keep them out of trouble.

Perhaps an aftereffect of this would be that all parties would soon realize that version "Delta" was less effective (or more destructive) than version "Alpha." Additionally, we could see vendors request that reporters use a particular version over another one if it fits their timelines and responsibilities (but, of course, they will pick the most time-consuming and self-protective versions)

.nhoJ

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.