[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Questions about reporting a vulnerability
- To: "xyberpix" <xyberpix@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Questions about reporting a vulnerability
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Fri, 29 Apr 2005 07:37:31 -0700
you are looking for this...
http://www.oisafety.org/guidelines/Guidelines%20for%20Security%20Vulnerability%20Reporting%20and%20Response%20V2.0.pdf
http://www.oisafety.org
cheers,
Donnie Werner
> Hey All,
>
> Couple of questions on reporting vulnerabilities:
>
> 1) Is there a damn template somewhere that can be used, as I'm pretty sure
> there was at one point, and I can't seem to find it? If so, could someone
> please let me know where this is located?
>
> 2) Is it worth sending something out like a cookie storing usernames and
> passwords in clear text for a major vendor's piece of software?
>
> 3) What's the correct procedure to go through reporting a vulnerability?
>
> If all of these questions can be answered with one simple link, can
> someone please paste it, as I really need to know this info soon.
>
> TIA
>
> xyberpix
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/