Slashdot Mirror


X-Force Changes Vulnerability Disclosure Policy

BitHive writes "ISS has changed their policy for announcing security vulnerabilities. The new guidelines will give vendors thirty days to come up with a fix before disclosure is made, though there are a number of exceptions that can prompt faster disclosure. From the PC World article, these are: "The vendor issues a patch or announcement; an in-depth discussion of the problem occurs on a public mailing list; active exploitation of any form of the vulnerability occurs on the Internet; ISS receives reliable evidence that a vulnerability is in the wild; the media reports the vulnerability; or the vendor is unresponsive.""

3 of 98 comments (clear)

  1. The 30 days is up. by user+no.+590291 · · Score: -1, Troll
    CERT Announcement:

    Slashdot is vulnerable to first posts!

    1. Re:The 30 days is up. by zapfie · · Score: 0, Troll

      Heh.. where is YOU FAIL IT! when ya need him? ;)

      --
      slashdot!=valid HTML
  2. Re:Happy Christmas Harry by Anonymous Coward · · Score: -1, Troll

    Do you want it autographed?

    Well then send a SASE c/o Mah Pay Pay 2006 Woodlark Rd, Holland, MI 49426.