Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: it\'s all about timing

From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Wed, 7 Aug 2002 17:04:21 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This all after the fact. These names and labels are assigned once the deed is done.

It cannot be like that.

More importantly you need to define what a "vulnerabililty" is otherwise no matter what your guidline says or suggests, 
without that definition we could be talking magic tricks.



The current short definition of "reporter/notifier" is:

  A [Reporter/Notifier] is the individual or organization that
  informs (or attempts to inform) the Vendor of the vulnerability.
  Note that the [Reporter/Notifier] may not have been the initial
  discoverer of the problem.

The current draft doesn't include any definition of "security
advisory," so that will need to be addressed.

Thanks,
- Steve




-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmYEARECACYFAj1RtIgfHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT
5JkCl0iMkNH5AJ9V9HWiv+nN5rNfeQKsA+/fkUDoAwCeK5Si4JST6JiXtvI6Pn7NyF8I
Esc=
=EoNv
-----END PGP SIGNATURE-----


Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Previous By Date Next
Previous By Thread Next

Current thread: