WebApp Sec mailing list archives
Re: Procedure for publishing a new vulnerability?
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Wed, 26 Sep 2007 17:27:21 +0100
On 24/09/2007, Thomas <tom () electric-sheep org> wrote:
an example: http://www.wiretrip.net/rfp/policy.html
Or if you want to hand off to someone else, e.g. if you haven't time to chase the vendor, you might consider one of the commercial initiatives, such as http://www.zerodayinitiative.com/ . Your local CERT might also be able to chase up such things with the vendor. I have no experience of the ZDI and I'm sure it has its own good and bad points. cheers, Jamie -- Jamie Riden / jamesr () europe com / jamie () honeynet org uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe --------------------------------------------------------------------------
Current thread:
- Procedure for publishing a new vulnerability? vinod sharma (Sep 21)
- Re: Procedure for publishing a new vulnerability? Thomas (Sep 26)
- Re: Procedure for publishing a new vulnerability? Jamie Riden (Sep 26)
- RE: Procedure for publishing a new vulnerability? William J. Mills (Sep 26)
- Re: Procedure for publishing a new vulnerability? Thomas (Sep 26)