Software vulnerabilities studied

The Organization for Internet Safety is soliciting comments on its guidelines for reporting and responding to software security vulnerabilities.

The consortium of software vendors, researchers and security consultants released the guidelines in July 2003, hoping to bring order to the struggle between code makers and code breakers. In the second version, expected in mid-July, OIS hopes to address issues sidestepped in the first edition, such as what role, if any, the government should play in vulnerability reporting.

Comments are being accepted through June 24 at feedback@oisafety.org.