Security Basics mailing list archives
Re: Things to do before vulnerability disclosure
From: "Sheldon Malm" <smalm () ncircle com>
Date: Mon, 15 Jun 2009 12:02:35 -0700
By "them", I believe Nicholas means report with discretion to the vendor (or organization if open source) to give them a reasonable chance to resolve the issue (i.e. Patch) before any public disclosure.

Not to open the "responsible disclosure" flame war, but that is the practice that we use and encourage.

--------------------------
Sheldon Malm
Director Security Research and Development
nCircle VERT

Sent from my BlackBerry Wireless Handheld

----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: Giuseppe Fuggiano <giuseppe.fuggiano () gmail com>
Cc: security-basics () securityfocus com <security-basics () securityfocus com>
Sent: Mon Jun 15 09:44:22 2009
Subject: Re: Things to do before vulnerability disclosure

Tell them?

Sent from my iPhone

On Jun 12, 2009, at 5:25 PM, Giuseppe Fuggiano <giuseppe.fuggiano () gmail com> wrote:
Hi list,

What are, if any, the legal and "ethical" things to do before someone could publicly disclose a given vulnerability?

--
Giuseppe
Current thread:
- Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 15)
- Re: Things to do before vulnerability disclosure Nicholas Harvey (Jun 15)
- <Possible follow-ups>
- Re: Things to do before vulnerability disclosure Sheldon Malm (Jun 15)