Security Basics mailing list archives

Proper vulnerability disclosure process ????


From: vipul kumra <vikumar2 () yahoo com>
Date: Wed, 14 Dec 2005 02:34:12 -0800 (PST)

Hi,
 
Could anyone please throw some light on what is the
proper vulnerability disclosure process? Also, are
there any legal implications if this is not done
correctly (ethically)? How many days should someone
wait if the company which owns the vulnerable product
doesn't respond back?
 
Is there a standard way (industry protocol) for
vulnerability disclosure?
 
Best Regards
 
Vipul Kumra
-----------
"I repeat: complexity is the worst enemy of security.
Secure systems should be cut to the bone and made as
simple as possible. There is no substitute for
simplicity. Unfortunately, simplicity goes against
everything our digital future stands for." Bruce
Schneier

