'Responsible Disclosure' Draft Could Have Legal Muscle

'Responsible Disclosure' Draft Could Have Legal Muscle
Mark Rasch, 2002-03-11

A proposed Internet standard would dictate how researchers report and vendors close security vulnerabilities. Ignoring it could be risky for either side.

Expand all | Post comment

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-11
Michael Morgenstern

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-12
Coldman (1 replies)

> "official Internet standard, called an "RFC"

Internet standards are named STD, not RFC.

RFC is "Request for comments" and nothing more, unless widely accepted/recognized as standard. Publishing a RFC won't make it standard by itself.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/66/10951#10951

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-13
Francisco Sáa Muñoz

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-12
Chris

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-12
Michael Morgenstern

Not all RFCs are standards (see RFC 1796) 2002-03-13
Dwonis (1 replies)

Not all RFCs are standards (see RFC 1796) 2002-03-14
Hal

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-16
Keith

'Responsible Disclosure' Draft Could Have Legal Muscle 2002-03-22
S.Ye

Grace Hopper and Liability 2002-03-22
J.R.

Some good points, but too legalistic. 2002-03-22
Anonymous