Hi LP-discuss,

The W3C, which sets Web standards, just released this
https://www.w3.org/2017/01/GVDP-factsheet.html in an attempt to pacify all of us who are complaining that their plan to make DRM part of Web standards would be bad for security researchers. It's a draft of "best practices" for companies to follow when security researchers disclose vulns to them.

Is anyone who's knowledgeable about disclosure policies able to take a look at it and share your thoughts?

To me, it looks like it's not much of a protection for the researchers, because it's totally voluntary and apparently allows companies to ignore it if they make such arbitrary judgements as that the security researcher didn't give them a "reasonable amount of time" between private and public disclosure. I think we can take Netflix's policy (linked) to be pretty representative of the policies these guidelines will produce.

PS -- the LibrePlanet 2017 t-shirt will be launching soon :)

--
Zak Rogoff // Campaigns Manager
Free Software Foundation
