oss-sec mailing list archives
Re: distros & linux-distros embargo period and message format
From: Michael Gilbert <michael.s.gilbert () gmail com>
Date: Fri, 3 Feb 2012 20:26:26 -0500
On Wed, Feb 1, 2012 at 11:54 PM, Solar Designer wrote:
> Yet I needed to bring the topic up. I was not 100% sure that some vendors currently on the list would find 7-11 days unacceptable. Being 90% sure was not enough. I've noticed a decrease in embargo periods over time - I think for vendor-sec the average might have been 14 days if not more, whereas now it might be down to 10-12 days or so (excluding the hash DoS thing). So we turned the old average into the new maximum. I thought that maybe we were ready for the "next level" - but it seems not. Maybe later?
I think the important aspect here is the transparency of the private discussion (after an appropriate delay), rather than the length of the delay itself. That can be set by the researcher (with some reasonable maximum, like a month). We all should be able to see what is going on over in the closed list. Although it is unlikely being used for nefarious purposes (hiding issues permanently, etc.), transparency (after a delay) is the only way to show that it is not.

Anyway, 30 days seems appropriate.

Best wishes,
Mike