Sep 29, 2002 (08:09 PM EDT)
How To Report Security Holes
Read the Original Article at InformationWeek
Software companies, security vendors, and researchers last week launched the Organization for Internet Safety to develop a standard process for reporting software flaws. A draft plan due early next year will propose that researchers report flaws to vendors before going public and that vendors take all reports seriously. Details about vulnerabilities wouldn't be released for 30 days after a patch is published. Vendors such as @stake, BindView, and Microsoft began this effort a year ago.