
Hey there! k8em0 is using Twitter.


k8em0

  1. @cory_scott one would hope, that's the basic idea anyway. @dinodaizovi yeah, that would be a better title, much more accurate.
  2. @alexsotirov that is a biz particular that is out of scope. Besides, being obsolete by the time it comes out is not new to ISO. ;-)
  3. @dinodaizovi things like Have a way to be contacted w/vuln info, not Thou shalt have a web form. Biz particulars are out of scope.
  4. @dinodaizovi this is a guide for vendors, gives them basic elements to receive vulns, distrib remed info - no business particulars
  5. @attritionorg that was you?! I was sure 1-800-smrtass was not on my speed dial, but it must be! Catch up with you tomorrow. :-)
  6. @attritionorg handing you an ISO-compliant tissue. ;-) Srsly, we should chat offline. I've been amazed at some of the previous drafts too.
  7. @attritionorg just yanking your chain, man. LOL. This is all too funny to me that it has everyone so upset when it really won't affect them
  8. Attention @halvarflake @daveaitel @hdmoore @pusscat @druidian : If this standard doesn't solve the disclosure debate, blame @attritionorg :)
  9. @attritionorg what are you complaining about? ur in touch with the editor & can tell him what to write. No excuse for it not being perfect.
  10. @attritionorg even if ISO changed its review rules for you or anyone else, it's still only National Bodies who ever get to vote on anything
  11. @attritionorg the editor only has the agreed-upon changes from the meeting, he has to create the next draft from that blueprint. wait for it
  12. @attritionorg What it is: a clue/guide for vendors who don't have any vuln handling policy. What it isn't: telling you what to do
  13. @attritionorg the latest draft has ASAP in it. Wait til the next draft before spouting off. ;-P Unless this is more fun spreading the FUD.
  14. @halvarflake I have been working steadily keeping this thing in scope for vendor actions only, leaving finders actions out of it.
  15. @halvarflake I'm glad this has spurned discussion among smart people, but has no one read what I've been tweeting? This is a vendor guide.
  16. @attritionorg again, the ack time is for the Vendor to ack the finder that they received the vuln report. You're taking things out of context
  17. @attritionorg you're reading the old draft? Not the one with the changes from this last meeting? The editor hasn't made many changes yet.
  18. @daveaitel No public draft that I know of. You have to be part of a National Body or other liaison to ISO as far as I know.
  19. @hdmoore description is what it is, but I can tell you the draft is scoped to vendors only. Most researchers are not ISO compliant anyway!
  20. How many of you really think ISO was going to tell researchers what to do?! This is a guide for vendors only, hopefully to make them better.