<<< Date Index >>> <<< Thread Index >>>

Re: Vendor guidelines regarding security contacts

To: "Steven M. Christey" <coley@xxxxxxxxx>
Subject: Re: Vendor guidelines regarding security contacts
From: Ben Bucksch <news@xxxxxxxxxxx>
Date: Fri, 12 Jan 2007 05:25:39 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <200701081949.l08JnuMp011203@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Me, myself and I
References: <200701081949.l08JnuMp011203@xxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0a1 (X11/20060914)

Steven M. Christey wrote:

The US Department of Homeland Security's "Vulnerability Disclosure
Framework" document here:

  http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf


*cough*

Full Disclosure Policy (RFPolicy) v2.0
http://www.wiretrip.net/rfp/policy.html

This basically means for vendors: Monitor security@xxxxxxxxxxx, fixpromptly, and communicate with reporter in all stages.

Ben

Follow-Ups:
- Re: Vendor guidelines regarding security contacts
  - From: Steven M. Christey

References:
- Vendor guidelines regarding security contacts
  - From: Steven M. Christey

Prev by Date: Lies? [Was: Re: Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability]
Next by Date: Re: [Full-disclosure] Web Honeynet Project: announcement,
Previous by thread: Re: Vendor guidelines regarding security contacts
Next by thread: Re: Vendor guidelines regarding security contacts
Index(es):
- Date
- Thread