[日期prev] [日期Next][Thread Prev][Thread Next][日期索引][线程索引]

FW: NTIA announces first meeting on Vulnerability Disclosure

To：”cve-editorial-board-list@LISTS.MITRE.ORG"<cve-editorial-board-list@LISTS.MITRE.ORG>
主题: FW: NTIA announces first meeting on Vulnerability Disclosure
从：”Landfield, Kent" <Kent_Landfield@McAfee.com>
日期：2015年8月28日星期五17:58:34 +0000
Accept-Language: en-US
Authentication-Results: spf=none (sender IP is 129.83.29.3)smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (messagenot signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=noneheader.from=McAfee.com;
送到了（送去了: coley@rcf-smtp.mitre.org
Delivery-Date: Fri Aug 28 14:02:57 2015
In-Reply-To：
List-Help：<mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-Owner：<mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
列表订阅：<mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-Unsubscribe：<mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
参考：
Sender：<所有者cve-editorial-board-list@lists.mitre.org>
SpamDiagnosticMetadata: NSPM
SpamDiagnosticOutput: 1:23
Thread-Index: AdDhuCjBvl1rkoO1SNqyITp7QSk9+///9TyA
Thread-Topic：NTIA宣布有关脆弱性披露的首次会议
user-agent: Microsoft-MacOutlook/14.5.4.150722

FYI…

肯特·兰德菲尔德
Director, Standards and Technology Policy
Intel Corporation

+1.817.637.8026 | kent.b.landfield@intel.com

从：Allan Friedman <AFriedman@ntia.doc.gov>
日期：Friday, August 28, 2015 at 12:44 PM
到：PRESS <Press@ntia.doc.gov>
主题：NTIA announces first meeting on Vulnerability Disclosure
依从境：<kent.b.landfield@intel.com>

NTIA will convene the first meeting of a multistakeholder process concerning collaboration between security researchers and software and system developers and owners to address security vulnerability disclosure on September 29, 2015, at the University of California, Berkeley.

The goal of this process will be to develop a broad, shared understanding of the overlapping interests between security researchers and the vendors and owners of products discovered to be vulnerable, and to establish a consensus about voluntary principles to promote better collaboration. The question of how vulnerabilities can and should be disclosed will be a critical part of the discussion, as will how vendors receive and respond to this information. However, disclosure is only one aspect of successful collaboration.

The objectives of this first meeting are to: 1) briefly share different perspectives on how vulnerability information is shared, received, and resolved; 2) briefly review perceived challenges in successful collaborations; 3) engage stakeholders in a discussion of high-priority substantive issues stakeholders believe should be addressed; 4) engage stakeholders in a discussion of logistical issues, including internal structures such as a small drafting committee or various working groups, and the location and frequency of future meetings; and 5) identify concrete goals and stakeholder work following the first meeting.

Please pre-register to help NTIA plan logistics:http://www.ntia.doc.gov/september-29-multistakeholder-meeting-vulnerability-disclosure-pre-registration

The Federal Register Notice announcing the first meeting and providing further background and detail:http://www.ntia.doc.gov/federal-register-notice/2015/notice-09292015-cybersecurity-vulnerability-disclosure-meeting

More details are available at:http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities

For more information, or to subscribe or unsubscribe to NTIA’s cybersecurity mailing list,

please email Allan Friedman:AFriedman@ntia.doc.gov

Next by Date:Re: procedure for penalizing or revoking CNA status?
Next by thread:Re: procedure for penalizing or revoking CNA status?
Index(es):
- 日期
- Thread