2000/06 : The hacker Rain Forest Puppy published his RFPolicy. The policy is known as the first attempt to formalize the complex issue of disclosure to the vendor or maintainer.
"RFPolicy attempts to encourage on going cooperation between the vendor and the discover leading ultimately to a coordinated public disclosure that includes a vendor patch. However [...] RFPolicy makes no definition as to the content of the public disclosure. The decision to include detailed technical information, scripts, or exploit tools is left entirely up to the discoverer." (Schepherd A. S. April 22, 2003. "How do we define Responsible Disclosure?", GIAC SEC Practical, SANS, p.13)
Critical Commentary
2000/06 : The hacker Rain Forest Puppy published his RFPolicy. The policy is known as the first attempt to formalize the complex issue of disclosure to the vendor or maintainer.
"RFPolicy attempts to encourage on going cooperation between the vendor and the discover leading ultimately to a coordinated public disclosure that includes a vendor patch. However [...] RFPolicy makes no definition as to the content of the public disclosure. The decision to include detailed technical information, scripts, or exploit tools is left entirely up to the discoverer." (Schepherd A. S. April 22, 2003. "How do we define Responsible Disclosure?", GIAC SEC Practical, SANS, p.13)