
Re: Vendor guidelines regarding security contacts



Steven M. Christey wrote:
The US Department of Homeland Security's "Vulnerability Disclosure
Framework" document here:

  http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf

*cough*

Full Disclosure Policy (RFPolicy) v2.0
http://www.wiretrip.net/rfp/policy.html

This basically means for vendors: Monitor security@xxxxxxxxxxx, fix promptly, and communicate with the reporter in all stages.

Ben