, 2006-09-05
Federico Biancuzzi surveys statements from some of the world's largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process. In three parts.
LonerVamp
I see that, by and large, most everyone is in agreement except for that one touchy subject: timeliness of a resolution. That seems to be the sticking point and also the most subjective part of the whole process...
[ more ]