[Am-info] OIS Releases Draft Disclosure Guidelines(OT)
Fred A. Miller
fm@cupserv.org
Thu, 12 Jun 2003 10:36:00 -0400
OIS Releases Draft Disclosure Guidelines
(4/5 June 2003)
The Organization for Internet Safety (OIS), a coalition comprised of
security and software companies, has drafted a set of guidelines that
defines a standardized process for sharing information about security
vulnerabilities. The draft gives software makers seven days to respond
to researchers' notifications of flaws, and asks that the companies
develop a patch for the problem within 30 days. The researchers who
find the flaws are required to keep vulnerability details under their
hats for 30 days after the release of the patch. OIS is accepting
comments on the draft by e-mail until July 4.
http://zdnet.com.com/2102-1105_2-1013423.html?tag=printthis
http://www.securityfocus.com/news/5458
http://www.oisafety.org/process.html
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org