Full Disclosure mailing list archives

Re: Questions about reporting a vulnerability

From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Fri, 29 Apr 2005 07:37:31 -0700

you are looking for this...
http://www.oisafety.org/guidelines/Guidelines%20for%20Security%20Vulnerability%20Reporting%20and%20Response%20V2.0.pdf

http://www.oisafety.org

cheers,
Donnie Werner

Hey All,

Couple of questions on reporting vulnerabilities:

1) Is there a damn template somewhere that can be used, as I'm pretty sure
there was at one point, and I can't seem to find it? If so, could someone
please let me know where this is located?

2) Is it worth sending something out like a cookie storing usernames and
passwords in clear text for a major vendor's piece of software?

3) What's the correct procedure to go through reporting a vulnerability?

If all of these questions can be answered with one simple link, can
someone please paste it, as I really need to know this info soon.

TIA

xyberpix

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: How to Report a Security Vulnerability toMicrosoft, (continued)
- - Re: How to Report a Security Vulnerability toMicrosoft Morning Wood (Apr 08)
- RE: How to Report a Security Vulnerability toMicrosoft Randall M (Apr 09)
- Re: How to Report a Security Vulnerability to Microsoft Kevin (Apr 26)
  - RE: How to Report a Security Vulnerability toMicrosoft Gary O'leary-Steele (Apr 27)
    - Re: How to Report a Security Vulnerability toMicrosoft class101 () phreaker net (Apr 27)
    - Re: How to Report a Security Vulnerability toMicrosoft Kevin (Apr 27)
    - Questions about reporting a vulnerability xyberpix (Apr 29)
    - Re: Questions about reporting a vulnerability Rob (Apr 29)
    - Re: Questions about reporting a vulnerability mikx (Apr 29)
    - Re: Questions about reporting a vulnerability xyberpix (Apr 29)
    - Re: Questions about reporting a vulnerability Morning Wood (Apr 29)
  - Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 28)
    - Re: How to Report a Security Vulnerability to Microsoft Tatercrispies (Apr 28)
    - Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 28)
    - Re: How to Report a Security Vulnerability to Microsoft Tatercrispies (Apr 28)
    - Re: How to Report a Security Vulnerability to Microsoft class101 () hat-squad com (Apr 28)
    - Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 28)
- Re: How to Report a Security Vulnerability to Microsoft tuytumadre (Apr 10)
  - Re: How to Report a Security Vulnerability to Microsoft Dan Becker (Apr 11)
- Re: How to Report a Security Vulnerability to Microsoft tuytumadre (Apr 11)