Disclosure Policy of CERT/CC Hacker Definition
As of October 2000, the CERT Coordination Center (CERT/CC) brought
in a new policy regarding the disclosure to the public of vulnerability information. According
to the CERT/CC, vulnerabilities reported to them will be revealed to the public
45 days after the initial report is made, regardless of the availability of
patches. The new policy states that extenuating circumstances, such as active
exploitation, threats of a very serious nature, or situations requiring changes
to an established standard, could result in an amended disclosure period.
Because the purpose of the new policy is to balance the public's need to be informed with the vendors' need to respond effectively and efficiently to worms and viruses, CERT/CC's final decision on when to publish the information will be based on the best interests of the community. According to this policy, vulnerabilities reported to the CERT/CC are transmitted to the affected vendors as soon as possible after the initial report is received; confidentiality of the source is maintained.
See Also: Exploit; Vulnerabilities of Computers; Worm.
Carnegie Mellon University. CERT/CC Vulnerability Disclosure Policy. [Online,
2002.] Carnegie Mellon University CERT Website. http://www.cert.org/kb/vul_disclosure.html.

