Slashdot Mirror


Group Releases Anti-Disclosure Plan

dki writes "SecurityFocus reports that the Organization for Internet Safety (OIS), a group of 11 of the largest software and security companies, has released a public draft of a proposed bug disclosure standard. The document outlines a process for reporting and disclosing bugs that aims to eliminate releasing exploits to the general public. Not surprisingly, the OIS was founded out of a Microsoft-hosted security conference. Comments on the draft will be accepted until July 4th; the final copy will be released at the Black Hat Conference in Las Vegas."


  1. more bugs by double_plus_ungod · · Score: 2, Funny

    microsoft: there's a bug in our bug disclosure process. apply this patch using windows update.

    user: windows update recommends that i install 14 critical updates.

    microsoft: you cannot install this patch without all the updates

    user *installs 10 updates, 11th fails*

    user: uh...

    microsoft: it's your problem. btw, the bug disclosure process bug is your problem too.

  2. Section 9 Missing by robdeadtech · · Score: 5, Funny

    Section 9

    All OIS participants must either look like Peter Norton or Steve Ballmer. Minimally this can be performed by wearing khaki pants, blue denim shirt, and sensible shoes.

    No person or organization wearing black, having purple hair, or listening to obscure music may participate as either a Finder, Vendor, Coordinator, or Arbitrator.

    --
    Heil Sig! -Rob
    1. Re:Section 9 Missing by CAIMLAS · · Score: 2, Funny

      What about Peter North? Does he count?

      (that's what I thought you said! time for bed, damn it!)

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  3. Excellent! by appleLaserWriter · · Score: 4, Funny

    I welcome the day when we no longer have security bugs.

  4. Re:7.1 and 8.2 esp. disturbing. Send Feedback! by PD · · Score: 3, Funny

    I wouldn't describe this as discouraging. I am not in the least bit discouraged when the main competitors to Linux implement a security plan that will be less than effective. Good for them, may they get 1000 security holes.

  5. New York Times Banner Ad and Non-Disclosure by robdeadtech · · Score: 2, Funny

    Funny that a New York Times Ad was rotated into this story...

    They, in particular, excel at non-disclosure... Perhaps they'll be joining this "Organization for Internet(Information) Safety"

    --
    Heil Sig! -Rob
  6. All you need isn't love by DrSkwid · · Score: 3, Funny

    All you need is the will, the drive, the talent, and the know-how.

    Well, that's a short list just anyone could sort out in a weekend

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
  7. A plan! by geekoid · · Score: 2, Funny

    Well that will stop people from releasing the information.

    --
    The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  8. Doh.... by Tachys · · Score: 4, Funny

    You have to sign a non-disclosure agreement in order to see the anti-disclosure plan

  9. Re:7.1 and 8.2 esp. disturbing. Send Feedback! by GauteL · · Score: 4, Funny

    The SCO group is part of this?

    The obligatory:
    1. Create crappy software
    2. Make other people correct its flaws
    3. Sue the fixers for copyright infringement
    4. Profit!

  10. Re:7.1 and 8.2 esp. disturbing. Send Feedback! by zonix · · Score: 2, Funny

    Hey, you missed something:

    X. ???

    z

    --
    What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
  11. Title by cperciva · · Score: 3, Funny

    Shouldn't the title to this story have been "Group Discloses Anti-Disclosure Plan"?

  12. The Forgotten Column by BrynM · · Score: 4, Funny

    They forgot to publish the third column:
    Users/Consumers

    3.1.1
    Do nothing. Hope nothing happens to you... not that we would tell you if it could. What you don't know can't hurt you.

    3.1.2
    Do nothing. Hope nothing happens to you... not that we would tell you if it could. What you don't know can't hurt you.

    Repeat until section 7 ("Release Phase")...
    7.2.1
    Thank us for not telling you that your data was vulnerable. Wait for us to issue a patch.
    Unless..."Premature Release"
    7.4.1
    Yell "WTF" and bitch a little. We wouldn't have told you if we didn't have to.
    --
    US Democracy: The best person for the job (among These pre-selected choices...)
  13. Re:what you dont know... by BrynM · · Score: 2, Funny

    How's this offtopic? I think it's a brief attempt at irony. What you (the consumer) don't know can't hurt me (the folks proposing this).

    --
    US Democracy: The best person for the job (among These pre-selected choices...)
  14. uggh... by zonker · · Score: 4, Funny

    I'm just waiting for Bruce Schneier (author of Applied Cryptography and founder of Counterpane Internet Security. Oh yeah, and author of the Twofish and Blowfish algorithms to boot.) to comment on this in the next Cryptogram...

    I'm sure he'll have some interesting things to say. ;)

  15. God was this needed... by Thaidog · · Score: 2, Funny

    Thank you! Please don't let everybody know how to hack... Job security ya know...

    --

    ||| I still can't believe Parkay's not butter.