Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 05 Jul 2004 23:36:23 +0200

The Organization for Internet Safety (OIS) extends an invitation to
the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
lists to participate in the ongoing public review of the OIS Security
Vulnerability Reporting and Response Guidelines.

The definition of the term "security vulnerability" still does not
match current industry practice.  Almost all COTS software lacks a
publicly reviewable design document, and popular software has not been
designed for Internet security *at* *all*.  In a few cases, this is
even acknowledged by the vendor (think of Microsoft Windows Me or
Microsoft Windows NT).

In fact, I can't think of any recent, critical vulnerability that
matches your definition of a vulnerability.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]