ATLANTA – Internet Security Systems (ISS) has released its current Vulnerability Disclosure Guidelines, in line with the federal government and other organizations.

The guidelines outline the process and procedures under which vulnerabilities that are researched and discovered by the ISS X-Force are disclosed to software and hardware vendors, customers, and the public. The X-Force is ISS’ renowned security intelligence research and development team.

“Responsible discovery and disclosure of security vulnerabilities continues to be a topic of great interest,” Chris Rouland, director of X-Force for ISS, said in a statement. “It’s under much scrutiny in the public and private sectors, and it should be, if the protection of critical infrastructures around the world is of any concern.”

Rouland said security research organizations need to implement standards that reflect the public’s “need to know vital information” about vulnerabilities in a timely manner, but that also give consideration to software vendors working to remedy issues in their products, so that the public is not put at risk without a corrective action available.

The guidelines from ISS align with the efforts of the U.S. government and other organizations to promote responsible disclosure of newly discovered computer network vulnerabilities, the company says.

In addition, the guidelines aim to balance the need of the public to receive timely, critical information on newly discovered vulnerabilities with software vendors’ need for sufficient time to correct security issues identified in their products.