mailing list archives
Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 05 Jul 2004 23:36:23 +0200
The Organization for Internet Safety (OIS) extends an invitation to
the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
lists to participate in the ongoing public review of the OIS Security
Vulnerability Reporting and Response Guidelines.
The definition of the term "security vulnerability" still does not
match current industry practice. Almost all COTS software lacks a
publicly reviewable design document, and popular software has not been
designed for Internet security *at* *all*. In a few cases, this is
even acknowledged by the vendor (think of Microsoft Windows Me or
Microsoft Windows NT).
In fact, I can't think of any recent, critical vulnerability that
matches your definition of a vulnerability.
Full-Disclosure - We believe in it.
- Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines, (continued)