Slashdot Mirror


X-Force Changes Vulnerability Disclosure Policy

BitHive writes "ISS has changed their policy for announcing security vulnerabilities. The new guidelines will give vendors thirty days to come up with a fix before disclosure is made, though there are a number of exceptions that can prompt faster disclosure. From the PC World article, these are: 'The vendor issues a patch or announcement; an in-depth discussion of the problem occurs on a public mailing list; active exploitation of any form of the vulnerability occurs on the Internet; ISS receives reliable evidence that a vulnerability is in the wild; the media reports the vulnerability; or the vendor is unresponsive.'"

2 of 98 comments

  1. $40 billion by neurostar · Score: 2, Funny

    No wonder we spent $40 billion on ISS!

    They needed to research and develop their policies.

    Whoops.... wrong ISS

  2. Surefire way to deal with pesky s'kiddies... by MonTemplar · Score: 2, Funny

    Send in the real, original X-Force!

    (Boy, did that headline have me confused or what?)

    --
    -MT.