Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15751
| From | Michael McNally <mcnally@isc.org> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Experimenting with a new practice for pre-announcing vulnerability disclosures |
| Date | 2020-05-14 00:35 -0800 |
| Message-ID | <mailman.402.1589445328.942.bind-users@lists.isc.org> (permalink) |
| References | <6978e6dd-6187-2c1f-d51a-5c617612e03c@isc.org> |
Hey BIND-users, I hope that most of you are already subscribed to the bind-announce list. But for those who are not, bind-announce is another public list operated by Internet Systems Consortium. It is a low-traffic list which ISC staff use to make announcements concerning the BIND project -- most frequently about the release of new versions of BIND or occasionally when we disclose a serious security vulnerability. You can subscribe by going to: https://lists.isc.org The reason I bring it up is that ISC is experimenting with a new practice to extend our Security Vulnerability Disclosure Process. After observing this practice being used successfully by other open-source projects, we have modified our disclosure policy to allow us to (optionally) make a limited pre-announcement giving a "heads up" a few days before a public disclosure occurs. Such pre-announcements, should they occur, will be posted to the bind-announce list and you can see the first example of one in the list archives even if you are not a subscriber: https://lists.isc.org/pipermail/bind-announce/2020-May/001153.html Michael McNally ISC Support
Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread
Experimenting with a new practice for pre-announcing vulnerability disclosures Michael McNally <mcnally@isc.org> - 2020-05-14 00:35 -0800
csiph-web