IETF

Artifacts

Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt
'Responsible Disclosure' Draft Could Have Legal Muscle - Rasch on Christey and Wysopal draft
Schneier - Crypto-Gram March 15, 2002
The realities of Disclosure : Morgenstern and Parker on Christey and Wysopal failure

License

All rights reserved.

Creator(s)

Chris Wysopal
Steve Christey

Contributors

David Bozzini
Elise Vuitton

Contributed date

January 7, 2023 - 5:47pm

Critical Commentary

2002/02 : Steve Christey from MITRE and Chris Wysopal create IETF Draft. "The purpose of this document is to describe best practices for a responsible disclosure process that involves vulnerability reporters, product vendors or maintainers, third parties, the security community, and ultimately customers and users." (p.1). 

Group Audience

Tags

IETF
responsible disclosure
vendor-researcher relationship
vulnerability disclosure policy
vulnerability disclosure debate
vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel