Can Vulnerability Disclosure Processes Be Responsible, Rational, and Effective?

Abstract: 

Security

ISC produces critical infrastructure software and services upon which the Internet and telecommunications industries depend. Through our Phased Vulnerability Disclosure process, we provide rational disclosure of vulnerabilities through a series of notifications, so industry can prepare without rushed actions, and critical infrastructure can be upgraded without "bad guys" knowing about the vulnerability. As an organization dedicated to open source software and open process, ISC is publishing the policies, processes, and tools involved. Please join us as we walk through a new model that vendors and operators can use to roll out security fixes without adding to operational risk.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {266433,
author = {Larissa Shapiro},
title = {Can Vulnerability Disclosure Processes Be Responsible, Rational, and Effective?},
year = {2011},
address = {Boston, MA},
publisher = {USENIX Association},
month = dec
}
Download

Presentation Video

Presentation Audio

Links

Paper: 
Paper (HTML): 
Slides: 
http://www.usenix.org/events/lisa11/tech/slides/shapiro.pdf