Updated policy regarding exploits and 0days.

The Terms of Service and some additional standards which are not actual rules. Reading and following these will make everyone's site experience more enjoyable.

Post by comperr on Thu Jun 19, 2008 6:57 pm

It is permitted to post FULL DISCLOSURE vulnerabilities provided the following conditions have been met:
1) You reported the issue to the developers in a reasonable manner.
2) It has been one week since you reported it and developers refuse to fix the vuln in a reasonable amount of time.
OR
the developers have not replied to you whatsoever
OR
the issue has been fixed and an update released
OR
The developers have allowed you to release the issue
old versions below
It is permitted to post FULL DISCLOSURE vulnerabilities provided the following conditions have been met:

1) You reported the issue to the developers in the manner in which they request.
2) It has been two weeks since you reported it and you have received NO reply.
OR
the issue has been fixed and an update released MORE THAN 3 days before the release of the vuln.
OR
The developers have allowed you to release the issue
OR
The developers have stated that they are REFUSING to fix the issue EVER (not that it will be done later or that they won't do it now).
comperr
Poster
Posts: 373
Joined: Mon Apr 07, 2008 6:52 pm
Location: /dev/null


Re: Updated policy regarding exploits and 0days.

Post by comperr on Mon Jul 28, 2008 11:26 am

old version
Another update:

If the developers state that the issue "will be fixed at some undetermined point in the future" and the company has a history of never fixing security issues (this is not Microsoft - they fix issues despite them having so many of them) then it is permitted to release a vuln in full.


Re: Updated policy regarding exploits and 0days.

Post by comperr on Mon Jan 12, 2009 10:40 pm

Yet /another/ update.
This supersedes all previous policies and seeks to be more lenient.