Flaw Disclosure

Any time an individual discovers a security flaw, there are certain steps that should be taken to ensure that the details of the flaw are disclosed in a responsible and acceptable manner. Reporting a flaw in open source software poses a number of unique challenges compared to its closed source counterparts.

This document should not be seen as a set of rules, but rather as a set of best practices designed to help inform and guide projects, researchers, and developers.

How a flaw should be dealt with can be broken into two distinct groups:

(FIXME The Content in whattodo should be merged into these pages)

Matthieu Herrb's presentation on the topic, based on his experience with XFree86 and X.Org (in French). Matthieu offered: “If someone would like to translate it, I can provide the LaTeX/beamer source file for it.”

 
disclosure.txt · Last modified: 2010/02/09 10:33 by solar