'Responsible Disclosure' Draft Could Have Legal Muscle
2002-03-11

A proposed Internet standard would dictate how researchers report and vendors close security vulnerabilities. Ignoring it could be risky for either side.
piece goes well beyond the intent of the Internet Draft itself. There is a world of difference between an informal guideline that will serve both the security research and software development communities as a tool, and the kind of legalistic baseball bat that Rasch describes here. If anything, the draft should refocus our efforts to maintain a sense of community and co-operation, instead of fostering animosity. Security and software folks are participants in a process that works best when we're primarily concerned with doing our respective jobs well. Sure, a tendency exists today to drag every contentious technical issue into a court room or legislative chamber, but we can all decide to aim higher than this.

OB-Advocacy: Full disclosure cannot be abandoned wholesale in our attempts to be "reasonable". Responsible disclosure, at times, will still obligate our most "reasonable" researchers to employ full disclosure.
Link to this comment: http://www.securityfocus.com/comments/columns/66/11350#11350