For those of you who care about vulnerability disclosure issues, the "Organization for Internet Safety" (OIS) formally announced its existence. This is the same group of security and software companies that has been discussed in past months.
The founding members are: @stake, BindView, Caldera International (The SCO Group), Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI, and Symantec. Note that my employer, MITRE, is not a member of OIS. This often causes confusion because I have been involved in writing documents that OIS may use as part of their own policies. Some articles are at: http://www.theregister.co.uk/content/55/27312.html http://www.eweek.com/article2/0,3959,558881,00.asp The OIS home page is at: http://www.oisafety.org A FAQ is at: http://www.oisafety.org/about.html The FAQ should be of high interest to anybody who does vulnerability research. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
