Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt

License

All rights reserved.

Contributed date

March 29, 2022 - 10:35am

Critical Commentary

2002/02: IETF Draft by Steve Christey from MITRE and Chris Wysopal:

"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of these guidelines, or they may intentionally ignore them. This state of affairs can make it difficult to achieve a satisfactory outcome for everyone who uses or is affected by vulnerability information. The purpose of this document is to describe best practices for a responsible disclosure process that involves vulnerability reporters, product vendors or maintainers, third parties, the security community, and ultimately customers and users." (p.1) 

This artifact is part of the IETF Bundle.