Steven M. Christey wrote:
The US Department of Homeland Security's "Vulnerability Disclosure Framework" document here: http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf
*cough* Full Disclosure Policy (RFPolicy) v2.0 http://www.wiretrip.net/rfp/policy.html

This basically means for vendors: Monitor security@xxxxxxxxxxx, fix promptly, and communicate with reporter in all stages.
Ben