you are looking for this... http://www.oisafety.org/guidelines/Guidelines%20for%20Security%20Vulnerability%20Reporting%20and%20Response%20V2.0.pdf
http://www.oisafety.org cheers, Donnie Werner > Hey All, > > Couple of questions on reporting vulnerabilities: > > 1) Is there a damn template somewhere that can be used, as I'm pretty sure > there was at one point, and I can't seem to find it? If so, could someone > please let me know where this is located? > > 2) Is it worth sending something out like a cookie storing usernames and > passwords in clear text for a major vendor's piece of software? > > 3) What's the correct procedure to go through reporting a vulnerability? > > If all of these questions can be answered with one simple link, can > someone please paste it, as I really need to know this info soon. > > TIA > > xyberpix _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
