Feds Consider New Security Reporting Role

Monday, 11 November 2002, 3:42 PM EST

As part of a continuing effort to find a way to handle sensitive security vulnerabilities, government security officials have been discussing the possibility of creating a central point of contact within the government for reporting such information.

Under the scenario officials have discussed, researchers who find a new vulnerability would be encouraged to send their findings to the government contact at the same time that they notify the affected vendor, according to sources familiar with the discussions. The benefits of such a system are two-fold, experts say. Not only would it ensure that the researcher is given proper credit for his findings, but it would also serve as a fall-back position should the vendors affected by the vulnerability fail to acknowledge the report or take any action to fix it.

Many security researchers have been critical of large software vendors such as Microsoft Corp. and others for what the researchers perceive as unreasonably slow reaction times once they are told of a new vulnerability. This, in part, has led some researchers to begin posting their findings on public mailing lists or Web sites in an effort to pressure the vendors into patching the vulnerabilities.

[ Read more ]




Spotlight

What does the future hold for cloud computing?

Posted on 21 July 2014.  |  Cloud computing’s widespread adoption by businesses and consumers alike all but guarantees that, in five to ten years’ time, the technology will still be very much with us.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //