Based on my general impressions in day-to-day operations for CVE (around
150 new vulns a week on average), maybe 40-60% of disclosures happen
without any apparent attempt at vendor coordination, another 10-20% with a
communication breakdown (including "they didn't answer in 2 days"), and
the rest

This is a workshop that may be of interest to subscribers of this mailing
list.
http://www.ieee-security.org/TC/SP2007/cfp-W2SP.html
Workshop Call for Position Papers
W2SP 2007: Web 2.0 Security and Privacy 2007
Sponsored by the IEEE

SC-L,
Ok, so we all have various opinions about security patching practices
in software -- mostly bad, I'm confident. But, in today's
environment, patching still seems to be a necessary evil. But for
the most part, mobile devices have been pretty much left out in the
code. That's start