A security coalition has published draft guidelines for issuing bug alerts, a bid to temper a hot debate over when and how alerts should be released. The draft rules were released Wednesday by the Organization for Internet Safety (OIS), a group composed of software companies and security firms, which have found themselves on opposite sides of the debate. Scott Culp, senior security strategist for Microsoft, said the document is intended to keep both researchers and software makers honest. “You have a situation, where–on both sides–the lack of a standardized process presents a chance of confusion and the possibility of problems,” he said. “Confusion, when dealing with vulnerabilities, ends up hurting the people we are trying to protect–the users.” Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.