Re: Procedure for publishing a new vulnerability?

["Jamie Riden" <jamie.riden () gmail com>]

On 24/09/2007, Thomas <tom () electric-sheep org> wrote:
> an example:
> http://www.wiretrip.net/rfp/policy.html

Or if you want to hand off to someone else, e.g. if you haven't time
to chase the vendor, you might consider one of the commercial
initiatives, such as http://www.zerodayinitiative.com/ . Your local
CERT might also be able to chase up such things with the vendor.

I have no experience of the ZDI and I'm sure it has its own good and
bad points.

cheers,
 Jamie
-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe
--------------------------------------------------------------------------