lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200208080004.g7804LD23383@mailserver4.hushmail.com> From: choose.a.username at hushmail.com (choose.a.username@...hmail.com) Subject: Re: it\'s all about timing -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This all after the fact. These names and labels are assigned once the deed is done. It cannot be like that. More importantly you need to define what a "vulnerabililty" is otherwise no matter what your guidline says or suggests, without that definition we could be talking magic tricks. > >The current short definition of "reporter/notifier" is: > > A [Reporter/Notifier] is the individual or organization that > informs (or attempts to inform) the Vendor of the vulnerability. > Note that the [Reporter/Notifier] may not have been the initial > discoverer of the problem. > >The current draft doesn't include any definition of "security >advisory," so that will need to be addressed. > >Thanks, >- Steve > -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wmYEARECACYFAj1RtIgfHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT 5JkCl0iMkNH5AJ9V9HWiv+nN5rNfeQKsA+/fkUDoAwCeK5Si4JST6JiXtvI6Pn7NyF8I Esc= =EoNv -----END PGP SIGNATURE----- Communicate in total privacy. Get your free encrypted email at https://www.hushmail.com/?l=2 Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Powered by blists - more mailing lists