The Organization for Internet Safety, is a coalition that includes, @stake, BindView, Caldera International (The SCO Group), Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI, and Symantec and is chartered "to make it easier for security researchers and vendors to work together to fix security vulnerabilities."
So any end-user or vendor that has an interest in how application, network and sever vulnerabilities are reported to the media and public at large and even to products such as IDS and Security Information Management (SIM) Event Correlation Tools, among others, would do well to keep abreast of the group's progress.
Specficially, the Organization just released their DRAFT of a Security Vulnerability Reporting and Response Process with request for comments. Head on over to the site at take a read through, if you've got something to say contact the OIS at: draft-feedback@oisafety.org.
Here's your chance to have a say on the process that the above vendors use to report vulnerabilities. If you care about this subject, take action and have your voice heard.
Posted by Diana at June 5, 2003 07:21 AM