RealNews

Group wants input on vulnerability reporting guidelines

The Organization for Internet Safety is soliciting comments on its guidelines for reporting and responding to software security vulnerabilities. OIS, a consortium of software vendors, researchers and security consultants, released the guidelines in July 2003, hoping to bring some order to the continual struggle between code makers and code breakers. The second version is expected to be available in mid-July. OIS hopes to address some issues in the second release that were sidestepped in the first edition, such as what role—if any—the government should play in vulnerability reporting. That was one of the few issues on which the drafters could not come to any clear consensus last year, said Scott Blake, vice president of information security for BindView Corp. of Houston and chairman of the OIS communications committee. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.