Hello,
most vendors do have advisory announce lists. Usually I see multiple admins
subscribing to them from one organization. On the other hand, you never know
who is reading which advisory (not). I was thinking about a small Web Based
System, which will present all Advisories (readable). Admins can browse and
filter he list, and mark advisories:
- does not apply (i.e. software/hardware not used in our company)
- we are secured (i.e. we have a new version or it is quickfixed)
- Vulnerable
The Advisories will be archived together with the Admin, who has decided
that the organisation is safe. In addition one can think about a multiple
vote system.
Has anybody else have an process defined, how to handle advisories? It might
be enough to feed them into a Bug tracking system.. hmm...
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
