Full Disclosure mailing list archives
Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 05 Jul 2004 23:36:23 +0200
The Organization for Internet Safety (OIS) extends an invitation to the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing lists to participate in the ongoing public review of the OIS Security Vulnerability Reporting and Response Guidelines.
The definition of the term "security vulnerability" still does not match current industry practice. Almost all COTS software lacks a publicly reviewable design document, and popular software has not been designed for Internet security *at* *all*. In a few cases, this is even acknowledged by the vendor (think of Microsoft Windows Me or Microsoft Windows NT). In fact, I can't think of any recent, critical vulnerability that matches your definition of a vulnerability.