k8em0
-
@ one would hope, that's the basic idea anyway. @ yeah, that would be a better title, much more accurate.
13 minutes ago
from web
-
@ that is a biz particular that is out of scope. Besides, being obsolete by the time it comes out is not new to ISO. ;-)
about 1 hour ago
from web
-
@ things like Have a way to be contacted w/vuln info, not Thou shalt have a web form. Biz particulars are out of scope.
about 1 hour ago
from web
-
@ this is a guide for vendors, gives them basic elements to receive vulns, distrib remed info - no business particulars
about 1 hour ago
from web
-
@ that was you?! I was sure 1-800-smrtass was not on my speed dial, but it must be! Catch up with you tomorrow. :-)
about 3 hours ago
from web
-
@ handing you an ISO-compliant tissue. ;-) Srsly, we should chat offline. I've been amazed at some of the previous drafts too.
about 3 hours ago
from web
-
@ just yanking your chain, man. LOL. This is all too funny to me that it has everyone so upset when it really won't affect them
about 3 hours ago
from web
-
Attention @ @ @ @ @ : If this standard doesn't solve the disclosure debate, blame @ :)
about 3 hours ago
from web
-
@ what are you complaining about? ur in touch with the editor & can tell him what to write. No excuse for it not being perfect.
about 3 hours ago
from web
-
@ even if ISO changed its review rules for you or anyone else, it's still only National Bodies who ever get to vote on anything
about 3 hours ago
from web
-
@ the editor only has the agreed-upon changes from the meeting, he has to create the next draft from that blueprint. wait for it
about 3 hours ago
from web
-
@ What it is: a clue/guide for vendors who don't have any vuln handling policy. What it isn't: telling you what to do
about 3 hours ago
from web
-
@ the latest draft has ASAP in it. Wait til the next draft before spouting off. ;-P Unless this is more fun spreading the FUD.
about 3 hours ago
from web
-
@ I have been working steadily keeping this thing in scope for vendor actions only, leaving finders actions out of it.
about 3 hours ago
from web
-
@ I'm glad this has spurred discussion among smart people, but has no one read what I've been tweeting? This is a vendor guide.
about 3 hours ago
from web
-
@ again, the ack time is for the Vendor to ack the finder that they received the vuln report. You're taking things out of context
about 4 hours ago
from web
-
@ you're reading the old draft? Not the one with the changes from this last meeting? The editor hasn't made many changes yet.
about 4 hours ago
from web
-
@ No public draft that I know of. You have to be part of a National Body or other liaison to ISO as far as I know.
about 12 hours ago
from web
-
@ description is what it is, but I can tell you the draft is scoped to vendors only. Most researchers are not ISO compliant anyway!
about 12 hours ago
from web
-
How many of you really think ISO was going to tell researchers what to do?! This is a guide for vendors only, hopefully to make them better.
about 14 hours ago
from web