Security group issues compromise plan for vulnerability reporting

The Organization for Internet Safety has released a guide for reporting and responding to software security vulnerabilities, hoping to bring some order to the continual struggle between code makers and code breakers. The voluntary guidelines, available on the OIS Website at, are an effort to balance the public’s right to know about possible problems against the need for vendors to correct those problems before they are made public. They call for:

*cooperation between the discoverer of a flaw and the software vendor

*a waiting period, typically 30 days, to let a vendor to correct a problem before it is publicly announced

*a 30-day grace period to let users to fix their systems before technical details that could help attackers are released.

Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.