Encyclopedia > RFPolicy

  Article Content

RFPolicy

The RFPolicy states the recommended way to contact a vendor about security vulnerabilities in their products. It is written by Rain Forest Puppy[?], and is in no way a definite guide. It is his recommended policy, and both the full disclosure community and most vendors seems to like it. Someone, help me out NPOV'ing that

The policy basically gives the vendor 5 working days to respond to the originator of the problem.

 
If no contact is made by the vendor to the originator in 5 days, the issue is recommended to be disclosed to the general community. The originator should help the vendor to reproduce the problem, and to work out a fix. The originator should delay notifying the general community about the problem if the vendor provides feasible reasons for requiring so.

If the vendor fails to respond or shuts down communication with the originator of the problem in more than 5 days, the originator should disclose the issue to the general community. The vendor should give the originator proper credits about reporting the bug, when issuing an alert / fix.


External links:



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
Ludvika

... of Dalarna[?]: Avesta  |  Borlänge  |  Falun  |  Gagnef  |  Hedemora  |  Leksand  |  LudvikaMalung ...

 
 
 
This page was created in 32.2 ms