jkouns at opensecurityfoundation.org
Tue Aug 24 19:50:07 CDT 2010
Definitely curious to see what happens for sure ... As many already
know a vuln disclosure portal to help with the process and make
advisories more mad libs style was a goal of OSVDB and we started work
on it during the 2006 Google Summer of Code....
We called it the OSVDB Ethical Disclosure Framework at the time which
we ultimately abandoned the term ethical for coordinated disclosure.
This had been one of the projects that we wanted for years and we
thought it was validated as we were seeing more and more issues with
the disclosure process!
We believed all along that OSVDB could be the service that helped to
improve, streamline and more importantly remove the mystery of the
breakdowns in the process. OSVDB has been handling one-off disclosures
for researchers over the past 8 years and it is not an easy task. The
amount of time it takes to handle a disclosure process is huge. We
realized early on that a lot of the process needed to be automated in
order to be successful and repeatable.
Copied the project info@ on this email so perhaps we can get an update
from the project team and determine if it makes sense to potentially
work together and/or integrate with OSVDB.
On Tue, Aug 24, 2010 at 5:19 PM, security curmudgeon
<jericho at attrition.org> wrote:
> On Tue, 24 Aug 2010, Art Manion wrote:
> : http://www.upsploit.com/
> : Is this on anyone's radar?
> We saw it a few weeks back, read the web page and found it interesting.
> Haven't heard anything about it other than what is there now.
More information about the VIM