12 August 2003
The article: Vendors Offer Plan for Disclosing Software Security Holes - Computerworld
The final version of the process: http://www.oisafety.org
To the editor:
Please include us among the "Security researchers [who] say their concerns were ignored" by the grandly-named "Organization for Internet Safety (OIS)".
In our open letter of June 10th, we said that the process:
We had high hopes when we first heard about the project. As security practitioners with decades of experience--and more than a few years in the center ring of the "vulnerability circus"--we were ready for a workable proposal in a collaborative spirit. We suspect now that the point of the exercise was to produce a process to deaden dissent and provide a preemptive defense against liability lawsuits. In any event, the effort is dead on arrival; and that's a low-down dirty shame.
Mark G. Graff
Kenneth R. van Wyk
Authors, Secure Coding
Copyright (C) 2003, Mark G. Graff and Kenneth R. van Wyk. Permission granted to reproduce and distribute in entirety with credit to authors.