lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <3D4A80AD.8020403@guninski.com> From: guninski at guninski.com (Georgi Guninski) Subject: Re: it's all about timing Steven M. Christey wrote: > > A number of people thought that the disclosure process draft placed > too much of an emphasis on using third parties. That will be weakened > to a suggestion in the next version. > > I disagree with 3.6.2 Reporter Responsibilities from the draft. My concerns are at: http://www.guninski.com/rfcsec.html I believe a lot of people won't like some RFC to forcefully put responsibilities on them. Who benefits from keeping reporters quiet for as long as possible - only big corps who can't code in my opinion. A recent study showed that a lot of professionals want information about vulnerabilities as soon as possible. Georgi Guninski http://www.guninski.com