Disclosure plan faulted

Major software vendors are banding together to try to change how security flaws are publicised. Experts last week raised doubts about guidelines from Microsoft and major security firms for the safe disclosure of software flaws. Under the guidelines, due on 28 July, the Organisation for Internet Safety (OIS) says finders of flaws should not publicise them, but should inform vendors, who will have 30 days or more to create a patch. Some experts criticised the lack of an enforcement mechanism, but Scott Blake of the OIS said: “I expect pressure will be put on researchers to comply… and vendors that do not comply will find it harder to get business.”

OODA Analyst
