Group Releases Anti-Disclosure Plan
dki writes "SecurityFocus reports that the Organization for Internet Safety (OIS), a group of 11 of the largest software and security companies, has released a public draft of a proposed bug disclosure standard. The document outlines a process for reporting and disclosing bugs that aims to eliminate releasing exploits to the general public. Not surprisingly, the OIS was founded out of a Microsoft-hosted security conference. Comments on the draft will be accepted until July 4th; the final copy will be released at the Black Hat Conference in Las Vegas."
Section 9
All OIS participants must either look like Peter Norton or Steve Balmer. Minimally this can be preformed by wearing khaki pants, blue denim shirt, and sensible shoes.
No person or organization wearing black, having purple hair, or listening to obscure music may participate as either a Finder, Vendor, Coordinator, or Arbitrator.
Heil Sig! -Rob
I welcome the day when we no longer have security bugs.
I wouldn't describe this as discouraging. I am not in the least bit discouraged when the main competitors to Linux implement a security plan that will be less than effective. Good for them, may they get 1000 security holes.
If tits were wings it'd be flying around.
All you need is the will, the drive, the talent, and the know-how.
Well, that's a short list just anyone could sort out in a weekend
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
You have to sign a non-disclosure agreement in order to see the anti-disclosure plan
The SCO group is part of this?
The obligatory:
1. Create crappy software
2. Make other people correct it's flaws
3. Sue the fixers for copyright infringement
4. Profit!
Shouldn't the title to this story have been "Group Discloses Anti-Disclosure Plan"?
Tarsnap: Online backups for the truly paranoid
US Democracy:The best person for the job (among These pre-selected choices...)
I'm just waiting for Bruce Schneier (author of Applied Cryptography and founder of Counterpane Internet Security. Oh yeah, and author of the Twofish and Blowfish algorithms to boot.) to comment on this in the next Cryptogram...
;)
I'm sure he'll have some interesting things to say.
Large print giveth, and the small print taketh away