Politics
Policy and Law
Tuesday, March 19, 2002
Policy and Law
Tuesday, March 19, 2002
Responsible Disclosure Draft Pulled
Steve Christey and Chris Wysopal have pulled their proposed guidelines for 'responsible disclosure' from the IETF after members indicated they felt the body wasn't the appropriate place to debate procedures. The proposal has met with lukewarm approval, with critics pointing out that the procedures called only for a vendor's best efforts to forstall disclosure. As we've seen, vendors will be likely to interpret 'best efforts' in rather different ways. Bruce Schneier also has some interesting Security-flaw guidelines hit pothole. A proposal on how security bugs in software should be responsibly disclosed to the public is withdrawn from the Net's primary technical-standards body. [CNET News.com]
Steve Christey and Chris Wysopal have pulled their proposed guidelines for 'responsible disclosure' from the IETF after members indicated they felt the body wasn't the appropriate place to debate procedures. The proposal has met with lukewarm approval, with critics pointing out that the procedures called only for a vendor's best efforts to forstall disclosure. As we've seen, vendors will be likely to interpret 'best efforts' in rather different ways. Bruce Schneier also has some interesting Security-flaw guidelines hit pothole. A proposal on how security bugs in software should be responsibly disclosed to the public is withdrawn from the Net's primary technical-standards body. [CNET News.com]
8:32:51 AM 
