Secunia CSI7
About us
Careers
Memberships
Newsroom
Contact us
Blog
News
Articles

CIO: Secunia’s new vulnerability disclosure deadline

Get this blog as an RSS Feed
13:30 CET on the 20th January 2012
Entry written by Secunia.

In the article ‘Secunia Sets Six-Month Deadline for Vulnerability Disclosures’, Lucian Constantin discusses Secunia’s new deadline for software vendors to fix vulnerabilities reported through the Secunia Vulnerability Coordination Reward Program (SVCRP) before going public with them.

Carsten Eiram, Secunia’s Chief Security Specialist says, "It seems to be a deadline that most vendors should be able to live up to. It is important to pick a deadline that provides vendors with ample time to develop proper fixes for most cases without providing too much time to 'slack off'."

However, in situations when more time is needed to address a security problem, Secunia is willing to wait longer without disclosing the vulnerability publicly when it believes that such an extension is justified.

Representatives from Adobe and Microsoft's Trustworthy Computing Group also share their views on the new deadline.

To read the article in full, visit CIO here.

Stay Secure,

Secunia

This article has also been published by CSO, ITworld, and InfoWorld.

Discuss this blog entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.
Subject: CIO: Secunia’s new vulnerability disclosure deadline
 
User Message
[+]

frankponting

RE: CIO: Secunia’s new vulnerability disclosure deadline
This reply has been deleted

izattsolo

RE: CIO: Secunia’s new vulnerability disclosure deadline
[+]
This reply has been deleted

arellamana

RE: CIO: Secunia’s new vulnerability disclosure deadline
[+]
This reply has been deleted

arellamana

RE: CIO: Secunia’s new vulnerability disclosure deadline
[+]
This reply has been deleted

arellamana

RE: CIO: Secunia’s new vulnerability disclosure deadline
[+]
This reply has been deleted

arellamana

RE: CIO: Secunia’s new vulnerability disclosure deadline
[+]
This reply has been deleted

arellamana

RE: CIO: Secunia’s new vulnerability disclosure deadline
[+]
This reply has been deleted

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer