"A group of security researchers at Google has written a vague proposal for how to handle vulnerability disclosures.
The debate over vulnerability disclosure policies is one of the oldest in computer security, but it's obvious that this particular paper has a more recent instigation: Just last month one of the Google researchers, Tavis Ormandy, disclosed a vulnerability in Windows that he discovered less than 5 days after reporting it to Microsoft, complete with proof of concept code, because he didn't like Microsoft's response"
Google Researchers Speak Out on Disclosure Policies - Security Watch
No comments:
Post a Comment