[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NTIA announces first meeting on Vulnerability Disclosure



The message below, quoted in its entirety, is archived at:

  cve.mitre.org/data/board/archives/2015-08/msg00000.html

- Steve


From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Landfield, Kent
Sent: Friday, August 28, 2015 1:59 PM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: FW: NTIA announces first meeting on Vulnerability Disclosure

FYI.

Kent Landfield
Director, Standards and Technology Policy
Intel Corporation
+1.817.637.8026 | kent.b.landfield@intel.com

From: Allan Friedman <AFriedman@ntia.doc.gov>
Date: Friday, August 28, 2015 at 12:44 PM
To: PRESS <Press@ntia.doc.gov>
Subject: NTIA announces first meeting on Vulnerability Disclosure
Resent-From: <kent.b.landfield@intel.com>

NTIA will convene the first meeting of a multistakeholder process concerning collaboration between security researchers and software and system developers and owners to address security vulnerability disclosure on September 29, 2015, at the University of California, Berkeley.

The goal of this process will be to develop a broad, shared understanding of the overlapping interests between security researchers and the vendors and owners of products discovered to be vulnerable, and to establish a consensus about voluntary principles to promote better collaboration. The question of how vulnerabilities can and should be disclosed will be a critical part of the discussion, as will how vendors receive and respond to this information. However, disclosure is only one aspect of successful collaboration. 

The objectives of this first meeting are to: 1) briefly share different perspectives on how vulnerability information is shared, received, and resolved; 2) briefly review perceived challenges in successful collaborations; 3) engage stakeholders in a discussion of high-priority substantive issues stakeholders believe should be addressed; 4) engage stakeholders in a discussion of logistical issues, including internal structures such as a small drafting committee or various working groups, and the location and frequency of future meetings; and 5) identify concrete goals and stakeholder work following the first meeting.

Please pre-register to help NTIA plan logistics: http://www.ntia.doc.gov/september-29-multistakeholder-meeting-vulnerability-disclosure-pre-registration

The Federal Register Notice announcing the first meeting and providing further background and detail: http://www.ntia.doc.gov/federal-register-notice/2015/notice-09292015-cybersecurity-vulnerability-disclosure-meeting

More details are available at: http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities

For more information, or to subscribe or unsubscribe to NTIA's cybersecurity mailing list, 
please email Allan Friedman: AFriedman@ntia.doc.gov 



Page Last Updated or Reviewed: September 14, 2015