Experimenting with a new practice for pre-announcing vulnerability disclosures

Started by: Michael McNally <mcnally@isc.org>
First post: 2020-05-14 00:35 -0800
Last post: 2020-05-14 00:35 -0800
Articles: 1 (1 participant)

#15751 — Experimenting with a new practice for pre-announcing vulnerability disclosures

From: Michael McNally <mcnally@isc.org>
Date: 2020-05-14 00:35 -0800
Subject: Experimenting with a new practice for pre-announcing vulnerability disclosures
Message-ID: <mailman.402.1589445328.942.bind-users@lists.isc.org>

Hey BIND-users,

I hope that most of you are already subscribed to the bind-announce list.
But for those who are not, bind-announce is another public list operated
by Internet Systems Consortium.  It is a low-traffic list which ISC staff
use to make announcements concerning the BIND project -- most frequently
about the release of new versions of BIND or occasionally when we disclose a
serious security vulnerability.  You can subscribe by going to: https://lists.isc.org

The reason I bring it up is that ISC is experimenting with a new practice
to extend our Security Vulnerability Disclosure Process.  After observing
this practice being used successfully by other open-source projects, we
have modified our disclosure policy to allow us to (optionally) make a
limited pre-announcement giving a "heads up" a few days before a public
disclosure occurs.

Such pre-announcements, should they occur, will be posted to the bind-announce
list and you can see the first example of one in the list archives even if
you are not a subscriber:

  https://lists.isc.org/pipermail/bind-announce/2020-May/001153.html

Michael McNally
ISC Support
