[VIM] what is "responsibly disclosed" to you?

security curmudgeon jericho at attrition.org
Sun Aug 7 01:20:46 EDT 2005

We're all (overly) familiar with the full disclosure debate. Moving past 
that, assuming that a researcher warns a vendor before publishing, what 
exactly makes it responsibly disclosed?

Notifying the vendor? Is a timeframe part of this? (i.e., not 2 hours before

Not publishing exploit code?

Providing a work around, interim solution, or vendor solution?

If you had to mark each vulnerability in a database as responsibly 
disclosed or not, what criteria would you use?

