Collaborative Security
The knowledge based including all Internet Society
Become member of Internet Society here: https://www.internetsociety.org/get-involved
#TheNext25 #DigitalRights
Originally shared by Internet Society
Responsible Disclosure and Collaborative Security. https://www.internetsociety.org/blog/tech-matters/2017/02/responsible-disclosure-collaborative-security-perspective
Andre Amorim says
I really like Metasploit/Rapid7 vulnerability disclosure policy …
Rapid7 will keep any communication confidential regarding the vulnerability until the completion of the disclosure process.
Rapid7 will attempt to contact the appropriate product vendor by email and telephone.
Rapid7 will provide the vulnerability details to the vendor.
Rapid7 will send a notification to CERT/CC 15 days after the first attempt at contacting the vendor.
In keeping with CERT/CC’s 45-day disclosure policy, Rapid7 and CERT/CC will prepare and publish an advisory detailing the vulnerability at least 60 days after initial attempts at disclosure at stage #2, above, excluding weekends, US holidays, or other extenuating circumstances. This advisory will be made available to the general public.
Nina Trankova says
Andre Amorim very trustful! I appreciate your comment as always, highly professional!