Slashdot Mirror


Group Releases Anti-Disclosure Plan

dki writes "SecurityFocus reports that the Organization for Internet Safety (OIS), a group of 11 of the largest software and security companies, has released a public draft of a proposed bug disclosure standard. The document outlines a process for reporting and disclosing bugs that aims to eliminate releasing exploits to the general public. Not surprisingly, the OIS was founded out of a Microsoft-hosted security conference. Comments on the draft will be accepted until July 4th; the final copy will be released at the Black Hat Conference in Las Vegas."

9 of 149 comments

  1. Section 9 Missing by robdeadtech · · Score: 5, Funny

    Section 9

    All OIS participants must either look like Peter Norton or Steve Ballmer. Minimally this can be performed by wearing khaki pants, blue denim shirt, and sensible shoes.

    No person or organization wearing black, having purple hair, or listening to obscure music may participate as either a Finder, Vendor, Coordinator, or Arbitrator.

    --
    Heil Sig! -Rob
  2. Excellent! by appleLaserWriter · · Score: 4, Funny

    I welcome the day when we no longer have security bugs.

  3. Re:7.1 and 8.2 esp. disturbing. Send Feedback! by PD · · Score: 3, Funny

    I wouldn't describe this as discouraging. I am not in the least bit discouraged when the main competitors to Linux implement a security plan that will be less than effective. Good for them, may they get 1000 security holes.

  4. All you need isn't love by DrSkwid · · Score: 3, Funny

    All you need is the will, the drive, the talent, and the know-how.

    Well, that's a short list just anyone could sort out in a weekend

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
  5. Doh.... by Tachys · · Score: 4, Funny

    You have to sign a non-disclosure agreement in order to see the anti-disclosure plan

  6. Re:7.1 and 8.2 esp. disturbing. Send Feedback! by GauteL · · Score: 4, Funny

    The SCO group is part of this?

    The obligatory:
    1. Create crappy software
    2. Make other people correct its flaws
    3. Sue the fixers for copyright infringement
    4. Profit!

  7. Title by cperciva · · Score: 3, Funny

    Shouldn't the title to this story have been "Group Discloses Anti-Disclosure Plan"?

  8. The Forgotten Column by BrynM · · Score: 4, Funny
    They forgot to publish the third column:
    Users/Consumers

    3.1.1
    Do nothing. Hope nothing happens to you... not that we would tell you if it could. What you don't know can't hurt you.

    3.1.2
    Do nothing. Hope nothing happens to you... not that we would tell you if it could. What you don't know can't hurt you.

    Repeat until section 7 ("Release Phase")...
    7.2.1
    Thank us for not telling you that your data was vulnerable. Wait for us to issue a patch.
    Unless..."Premature Release"
    7.4.1
    Yell "WTF" and bitch a little. We wouldn't have told you if we didn't have to.
    --
    US Democracy: The best person for the job (among These pre-selected choices...)
  9. uggh... by zonker · · Score: 4, Funny

    I'm just waiting for Bruce Schneier (author of Applied Cryptography and founder of Counterpane Internet Security. Oh yeah, and author of the Twofish and Blowfish algorithms to boot.) to comment on this in the next Cryptogram...

    I'm sure he'll have some interesting things to say. ;)