TechWeb

How To Report Security Holes

Sep 29, 2002 (08:09 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=6503202


Software companies, security vendors, and researchers last week launched the Organization for Internet Safety to develop a standard process for reporting software flaws. A draft plan due early next year will propose that researchers report flaws to vendors before going public and that vendors take all reports seriously. Details about vulnerabilities wouldn't be released for 30 days after a patch is published. Vendors such as @stake, Bindview, and Microsoft began this effort a year ago.