Vulnerability Development mailing list archives
RFPolicy for vulnerability disclosure
From: rfp () WIRETRIP NET (rain forest puppy)
Date: Mon, 12 Jun 2000 18:51:26 -0500
I'm not sure if anyone would be interested, but I thought I would give it a whirl anyway just in case.... I just posted what I've dubbed as 'RFPolicy'. RFPolicy is an inititive to help establish concrete guidelines for disclosure of security problems. This was prompted due to many recent responses from vendors such as "we were never given a chance", or "there is an 'unwritten' standard of notifying the vendor X days ahead of time", etc. My intent is not to push this policy onto the community. Everyone can obviously do whatever they feel like. But *I* will be using this disclosure policy in all future security disclosures, and I encourage anyone wishing to use or modify it, to do so. Feedback on the policy is also welcome. It can be found at: http://www.wiretrip.net/rfp/policy.html Thanks, - rain forest puppy
Current thread:
- RFPolicy for vulnerability disclosure rain forest puppy (Jun 12)