The RFPolicy states a method of contacting vendors about security vulnerabilities found in their products. It was originally written by hacker and security consultant Rain Forest Puppy.
The policy gives the vendor five working days to respond to the reporter of the bug. If the vendor fails to contact the reporter in those five days, the policy recommends disclosing the issue to the general community. The reporter should help the vendor reproduce the bug and work out a fix. The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for requiring a delay.
If the vendor fails to respond or shuts down communication with the reporter of the problem for more than five working days, the reporter should disclose the issue to the general community. When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug.
External links
RFPolicy v2.0