Slashdot Mirror


X-Force Changes Vulnerability Disclosure Policy

BitHive writes "ISS has changed their policy for announcing security vulnerabilities. The new guidelines will give vendors thirty days to come up with a fix before disclosure is made, though there are a number of exceptions that can prompt faster disclosure. From the PC World article, these are: "The vendor issues a patch or announcement; an in-depth discussion of the problem occurs on a public mailing list; active exploitation of any form of the vulnerability occurs on the Internet; ISS receives reliable evidence that a vulnerability is in the wild; the media reports the vulnerability; or the vendor is unresponsive.""

8 of 98 comments

  1. Happy Christmas Harry by Anonymous Coward · · Score: -1, Offtopic

    I love my penis, yes I do!

    1. Re:Happy Christmas Harry by Anonymous Coward · · Score: -1, Offtopic

      Can I get a picture of you two kissing?

  2. No real validity by Anonymous Coward · · Score: -1, Offtopic

    First post Perhaps

  3. first post disclosure policy by Anonymous Coward · · Score: -1, Offtopic

    not first post, but anybody (specifically cmdrtaco!) notice that using random post numbers hasn't reduced first-posting?

    while we're at it, ip banning hasn't reduced trolling either.

  4. 9th by Anonymous Coward · · Score: -1, Offtopic

    post bytch

    penis in my pants penis in my pants do a little dance penis in my pants

  5. Java by Anonymous Coward · · Score: -1, Offtopic

    I've decided to pick up Java as my first programming language, but I would like to know if there is an easier one to learn. Seems like thirty days is a little too long for a security fix on this issue though.

  6. ISS Maintainers Change X-Prize Rules by SeanTobin · · Score: -1, Offtopic
    In a 4 page press release by the maintainers of the ISS, several key points of the X-Prize have been changed:
    • All participants have 30 days from when they announce their intent to compete for the X-Prize, to successfully complete two consecutive launches.
    • Vehicles no longer need to be privately funded or built.
    • The percentage of non-propellant mass between the two flights that may be replaced is still limited to 10 percent, except in the event of the media reporting otherwise.
    • The maintainers of the ISS maintain the right to oversee maintenance of the X-Prize craft. Additionally, they reserve the right to coordinate the maintenance with third party or other governmental agencies.
    • The X-Prize will be awarded when the maintainers of the ISS either: witness two successful consecutive launches within the provided guidelines, or the maintainers of the ISS receive information from reliable sources - or the media - that the launches have been completed.
    --
    Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
  7. X-Force?? by Anomalous+Cowbird · · Score: 0, Offtopic

    Didn't they change their name to X-Statix? (Way back when, they used to be the New Mutants. Sigh . . . .)