[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Questions about reporting a vulnerability
From:       "Morning Wood" <se_cur_ity () hotmail ! com>
Date:       2005-04-29 14:37:31
Message-ID: BAY10-DAV17FDC031EC56CA1202E8C8D9240 () phx ! gbl
[Download RAW message or body]

you are looking for this...
http://www.oisafety.org/guidelines/Guidelines%20for%20Security%20Vulnerability%20Reporting%20and%20Response%20V2.0.pdf


http://www.oisafety.org

cheers,
Donnie Werner

> Hey All,
> 
> Couple of questions on reporting vulnerabilities:
> 
> 1) Is there a damn template somewhere that can be used, as I'm pretty sure
> there was at one point, and I can't seem to find it? If so, could someone
> please let me know where this is located?
> 
> 2) Is it worth sending something out like a cookie storing usernames and
> passwords in clear text for a major vendor's piece of software?
> 
> 3) What's the correct procedure to go through reporting a vulnerability?
> 
> If all of these questions can be answered with one simple link, can
> someone please paste it, as I really need to know this info soon.
> 
> TIA
> 
> xyberpix
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]