Full Disclosure: it's all about timing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

it's all about timing

From: full-disclosure () lists netsys com (Steven M. Christey)
Date: Fri, 2 Aug 2002 01:15:19 -0400 (EDT)

On Wed, 31 Jul 2002, Eric N. Valor wrote:

RFPolicy always seemed reasonable to me.


Joey Kelly asked:

Got a URL for that?


http://www.wiretrip.net/rfp/policy.html

RFPolicy is an excellent document, which much of the responsible
disclosure draft is based on.  However, it focuses on the researcher.
The responsible disclosure draft also includes recommendations for
vendors that would make it easier on researchers who want to follow
RFPolicy.  Where RFPolicy says "give the vendors X working days to
respond," the RVDP has recommendations for researchers to give vendors
X days, and complementary guidelines for vendors to respond within X
days.  (X = 5 for RFPolicy and X=7 for RVDP, as discussed in a
previous email).

- Steve

By Date By Thread

Current thread:

it's all about timing, (continued)
- it's all about timing Don (Aug 01)
- it's all about timing Dunbar, Gregory (Aug 01)
- it's all about timing Steven M. Christey (Aug 01)
- it's all about timing Steven M. Christey (Aug 01)
  - it's all about timing Kurt Seifried (Aug 02)
- it's all about timing Steven M. Christey (Aug 01)
  - it's all about timing Evrim ULU (Aug 02)
    - it's all about timing Juliao Duartenn (Aug 02)
    - it's all about timing KF (Aug 05)
    - it's all about timing ATD (Aug 05)
    - it's all about timing ATD (Aug 05)