The RFPolicy states the recomended way to contact a vendor about security vulnerabilities in their products. It is written by [Rain Forest Puppy]?, and is in no way a definite guide. It is his recomended policy, and both the full disclosure community and most vendors seems to like it. Someone, help me out NPOV'ing that |
The RFPolicy states the recommended way to contact a vendor about [security vulnerabilities]? in their products. It is written by [Rain Forest Puppy]?, and is in no way a definite guide. It is his recommended policy, and both the full disclosure community and most vendors seems to like it. Someone, help me out NPOV'ing that The policy basically gives the vendor 5 working days to respond to the originator of the problem. If no contact is made by the vendor to the originator in 5 days, the issue is recomended to be disclosed to the general community. The originator should help the vendor to reproduce the problem, and to work out a fix. The originator should delay notifying the general community about the problem if the vendor provides feasible reasons for requiring so. |
The policy basically gives the vendor 5 working days to respond to the originater of the problem. If no contact is made by the vendor to the originator in 5 days, the issue is recomended to be disclosed to the general community. The originator should help the vendor to reproduce the problem, and to work out a fix. The originator should delay notifying the general community about the problem if the vendor provides feasible reasons for requiring so. |
The RFPolicy: |
http://www.wiretrip.net/rfp/policy.html |
External links: *[The RFPolicy] |