|
OUSPG[This page is CSS2 enabled. Your browser might not fully support it] Introducing constructive vulnerability disclosures$RCSfile: index.html,v $ $Revision: 1.4 $ $Date: 2001/07/26 12:05:21 $ ABSTRACTProduct flaws that compromise information security emerge constantly, and a vivid debate is taking place on how these vulnerabilities should be handled. A partial disclosure concept, constructive disclosures, was introduced as an alternative to full disclosures and as a safety-net against reoccurring vulnerabilities of a similar kind. The proposed model was executed in a multi-vendor, multi-vulnerability case involving WAP gateway products. A complicated vulnerability case was successfully handled, with positive feedback. This result promotes the seeking of solid engineering practices that will take the vulnerability process beyond an art form.
[This page is CSS2 enabled. Your browser might not fully support it] |
||||||