RFPolicy

RFPolicy

The RFPolicy states a method of contacting vendors about security vulnerabilities found in their products. It is written and recommended by Rain Forest Puppy.

The policy gives the vendor five working days to respond to the reporter of the bug. If the vendor fails to contact the reporter in those five days, the issue is recommended to be disclosed to the general community. The reporter should help the vendor reproduce the bug and work out a fix. The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for requiring so.

If the vendor fails to respond or shuts down communication with the reporter of the problem in more than five working days, the reporter should disclose the issue to the general community. When issuing an alert or fix, the vendor should give the reporter proper credits about reporting the bug.

External links

* [http://www.wiretrip.net/rfp/policy.html RFPolicy v2.0]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • Full disclosure — In computer security, full disclosure means to disclose all the details of a security problem which are known. It is a philosophy of security management completely opposed to the idea of security through obscurity. The concept of full disclosure… …   Wikipedia

  • Zero day attack — A zero day (or zero hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses. Zero day… …   Wikipedia

  • Weld Pond — infobox Scientist name = Chris Wysopal birth date = Birth date and age|1965|12|01|df=y residence = citizenship = field = Computer science work institutions = L0pht @stake Symantec Veracode alma mater = Rensselaer Polytechnic Institute known for …   Wikipedia

  • Chris Wysopal — Born 1 December 1965 (1965 12 01) (age 45) R …   Wikipedia

  • Zero-day attack — This article is about technical vulnerabilities. For other uses, see Zero day (disambiguation). A zero day (or zero hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”