0% found this document useful (0 votes)

5 views1 page

Gray Hat Hacking 80

The RainForest Puppy Policy (RFP) version 2 outlines a full disclosure approach for reporting software vulnerabilities, emphasizing that reporters are not required to cooperate with vendors but are encouraged to do so. Upon reporting, vendors have five days to respond, and if they fail to do so, the reporter may disclose the vulnerability publicly. The policy encourages collaboration between the reporter and vendor to address the issue effectively.

Uploaded by

digapo7593

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

5 views1 page

Gray Hat Hacking 80

Uploaded by

digapo7593

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition

52
Reference
The CERT/CC Vulnerability Disclosure Policy
www.cert.org/kb/vul_disclosure.html

Full Disclosure Policy—the RainForest

Puppy Policy
A full disclosure policy known as RainForest Puppy Policy (RFP) version 2, takes a harder
line with software vendors than CERT/CC. This policy takes the stance that the reporter
of the vulnerability should make an effort to contact the vendor so they can work to-
gether to fix the problem, but the act of cooperating with the vendor is a step that the
reporter is not required to take. Under this model, strict policies are enforced upon the
vendor if it wants the situation to remain confidential. The details of the policy follow:

• The issue begins when the originator (the reporter of the problem) e-mails the
maintainer (the software vendor) with details about the problem. The moment
the e-mail is sent is considered the date of contact. The originator is responsible
for locating the maintainer’s appropriate contact information, which can
usually be obtained through the maintainer’s website. If this information is
not available, e-mails should be sent to one or all of the addresses shown next.
These common e-mail formats should be implemented by vendors:
security-alert@[maintainer]
secure@[maintainer]
security@[maintainer]
support@[maintainer]
info@[maintainer]
• The maintainer will be allowed five days from the date of contact to reply to
the originator. The date of contact is from the perspective of the originator of
the issue, meaning if the person reporting the problem sends an e-mail from
New York at 10:00 A.M. to a software vendor in Los Angeles, the time of contact
is 10:00 A.M. Eastern time. The maintainer must respond within five days,
which would be 7:00 A.M. Pacific time. An auto-response to the originator’s
e-mail is not considered sufficient contact. If the maintainer does not establish
contact within the allotted timeframe, the originator is free to disclose the
information. Once contact has been made, decisions on delaying disclosures
should be discussed between the two parties. The RFP policy warns the vendor
that contact should be made sooner rather than later. It reminds the software
maker that the finder of the problem is under no obligation to cooperate, but
is simply being asked to do so for the best interests of all parties.
• The originator should make every effort to assist the vendor in reproducing
the problem and adhering to reasonable requests. It is also expected that the

NIST SP 800-57pt1r5
No ratings yet
NIST SP 800-57pt1r5
171 pages
(An Analysis of Issues and Options) Eric A. Fischer - Creating A National Framework For Cybersecurity (2009, Nova Science Publishers) - Libgen - Li
100% (1)
(An Analysis of Issues and Options) Eric A. Fischer - Creating A National Framework For Cybersecurity (2009, Nova Science Publishers) - Libgen - Li
102 pages
Cissp Exam Questions 7
No ratings yet
Cissp Exam Questions 7
316 pages
EH Unit 2
No ratings yet
EH Unit 2
42 pages
(供应链) ESF SECURING THE SOFTWARE SUPPLY CHAIN DEVELOPERS
No ratings yet
(供应链) ESF SECURING THE SOFTWARE SUPPLY CHAIN DEVELOPERS
64 pages
Securing Microsoft 365
No ratings yet
Securing Microsoft 365
270 pages
Nist - Ir .7622
No ratings yet
Nist - Ir .7622
99 pages
Lecture#6 - Data Encryption
No ratings yet
Lecture#6 - Data Encryption
24 pages
Chapter 11 Solve
No ratings yet
Chapter 11 Solve
11 pages
2018 Sector Specific Guide
No ratings yet
2018 Sector Specific Guide
28 pages
Manual User Tools E-TKSK
No ratings yet
Manual User Tools E-TKSK
24 pages
Patching Nist SP 1800 31b Draft
No ratings yet
Patching Nist SP 1800 31b Draft
59 pages
Software Acquisition Guide
No ratings yet
Software Acquisition Guide
61 pages
Practical Exam
No ratings yet
Practical Exam
3 pages
Assignment 2
No ratings yet
Assignment 2
10 pages
Week 7 The Five Nines Concept - Part 1 2
No ratings yet
Week 7 The Five Nines Concept - Part 1 2
32 pages
CEH Certified Ethical Hacker Exam Guide Fifth Edition Matt Walker PDF Download
No ratings yet
CEH Certified Ethical Hacker Exam Guide Fifth Edition Matt Walker PDF Download
41 pages
Mod4 Krumay Evaluation Accessible
No ratings yet
Mod4 Krumay Evaluation Accessible
11 pages
Beyond The Black Box: XAI Strategies For Safeguarding Critical Infrastructure
No ratings yet
Beyond The Black Box: XAI Strategies For Safeguarding Critical Infrastructure
26 pages
RFC 2196 (Site Security Handbook) Annotated With ISO 27001 References and Other Updates
No ratings yet
RFC 2196 (Site Security Handbook) Annotated With ISO 27001 References and Other Updates
75 pages
G Work1
No ratings yet
G Work1
8 pages
Gray Hat Hacking 50
No ratings yet
Gray Hat Hacking 50
1 page
Cybersecurity at Saint Mary Hospital
No ratings yet
Cybersecurity at Saint Mary Hospital
18 pages
CCD Notes
No ratings yet
CCD Notes
32 pages
Gray Hat Hacking 91 100
No ratings yet
Gray Hat Hacking 91 100
10 pages
Cybersecurity Requirements Article - Final
No ratings yet
Cybersecurity Requirements Article - Final
4 pages
Vulnerability Disclosure: Best Practice Guidelines
No ratings yet
Vulnerability Disclosure: Best Practice Guidelines
21 pages
Rfi Uspto PQCR Fy25
No ratings yet
Rfi Uspto PQCR Fy25
8 pages
Conformed To Federal Register Version
No ratings yet
Conformed To Federal Register Version
24 pages
Bsi-Cs 019e
No ratings yet
Bsi-Cs 019e
4 pages
ISE Question Papers
No ratings yet
ISE Question Papers
21 pages
Integrating Explainable AI For Effective Malware Detection in Encrypted Network Traffic
No ratings yet
Integrating Explainable AI For Effective Malware Detection in Encrypted Network Traffic
18 pages
IDC - Marketscape Cyber Recovery Druva Assessment
No ratings yet
IDC - Marketscape Cyber Recovery Druva Assessment
8 pages
Gray Hat Hacking 81
No ratings yet
Gray Hat Hacking 81
1 page
Document 100
No ratings yet
Document 100
2 pages
AJIBADE
No ratings yet
AJIBADE
48 pages
Data Fingerprinting and Visualization For AI
No ratings yet
Data Fingerprinting and Visualization For AI
15 pages
Challenges in Anti-Spam Efforts by Dave Crocker, Brandenburg InternetWorking (Dave Crocker)
No ratings yet
Challenges in Anti-Spam Efforts by Dave Crocker, Brandenburg InternetWorking (Dave Crocker)
13 pages
Gray Hat Hacking 78
No ratings yet
Gray Hat Hacking 78
1 page
Assignment 1
No ratings yet
Assignment 1
5 pages
Vulnerability Management Policy and Procedures
50% (4)
Vulnerability Management Policy and Procedures
18 pages
Common Forms of Cybercrime
No ratings yet
Common Forms of Cybercrime
16 pages
Gray Hat Hacking 79
No ratings yet
Gray Hat Hacking 79
1 page
Gray Hat Hacking 95
No ratings yet
Gray Hat Hacking 95
1 page
Gray Hat Hacking 84
No ratings yet
Gray Hat Hacking 84
1 page
Gray Hat Hacking 101
No ratings yet
Gray Hat Hacking 101
1 page
Gray Hat Hacking 103
No ratings yet
Gray Hat Hacking 103
1 page
Gray Hat Hacking 106
No ratings yet
Gray Hat Hacking 106
1 page
Gray Hat Hacking 111
No ratings yet
Gray Hat Hacking 111
1 page
Gray Hat Hacking 112
No ratings yet
Gray Hat Hacking 112
1 page
Gray Hat Hacking 99
No ratings yet
Gray Hat Hacking 99
1 page
Gray Hat Hacking 74
No ratings yet
Gray Hat Hacking 74
1 page
Gray Hat Hacking 94
No ratings yet
Gray Hat Hacking 94
1 page
Gray Hat Hacking 88
No ratings yet
Gray Hat Hacking 88
1 page
Gray Hat Hacking 87
No ratings yet
Gray Hat Hacking 87
1 page
Gray Hat Hacking 70
No ratings yet
Gray Hat Hacking 70
1 page
Gray Hat Hacking 71
No ratings yet
Gray Hat Hacking 71
1 page
Information Security Management 2
No ratings yet
Information Security Management 2
17 pages
Gray Hat Hacking 57
No ratings yet
Gray Hat Hacking 57
1 page
Gray Hat Hacking 58
No ratings yet
Gray Hat Hacking 58
1 page
Gray Hat Hacking 53
No ratings yet
Gray Hat Hacking 53
1 page
Gray Hat Hacking 51
No ratings yet
Gray Hat Hacking 51
1 page
Gray Hat Hacking 49
No ratings yet
Gray Hat Hacking 49
1 page
Gray Hat Hacking 48
No ratings yet
Gray Hat Hacking 48
1 page
Gray Hat Hacking 46
No ratings yet
Gray Hat Hacking 46
1 page
Gray Hat Hacking 26
No ratings yet
Gray Hat Hacking 26
1 page
Gray Hat Hacking 10
No ratings yet
Gray Hat Hacking 10
1 page
Gray Hat Hacking 42
No ratings yet
Gray Hat Hacking 42
1 page
Gray Hat Hacking 8
No ratings yet
Gray Hat Hacking 8
1 page
Gray Hat Hacking 15
No ratings yet
Gray Hat Hacking 15
1 page
Everybody Password Cracking 101
No ratings yet
Everybody Password Cracking 101
43 pages
IJCRT2002272
No ratings yet
IJCRT2002272
5 pages
Experiment 5
No ratings yet
Experiment 5
14 pages
Studies in Networking
No ratings yet
Studies in Networking
51 pages
Role of Oss Insecurity
No ratings yet
Role of Oss Insecurity
6 pages
Threats To Cyber Security
No ratings yet
Threats To Cyber Security
14 pages
Framework For Improving Critical Infrastructure Cybersecurity
No ratings yet
Framework For Improving Critical Infrastructure Cybersecurity
55 pages
E - Willingness
No ratings yet
E - Willingness
7 pages
curator,+CISSE v01 I01 A02
No ratings yet
curator,+CISSE v01 I01 A02
9 pages
CompTIA Security + Chapter 2
No ratings yet
CompTIA Security + Chapter 2
28 pages
Vul Managments
No ratings yet
Vul Managments
1 page
Security Issues in ECommerce
No ratings yet
Security Issues in ECommerce
8 pages
US-CCU Cyber-Security Check List 2007
No ratings yet
US-CCU Cyber-Security Check List 2007
42 pages
Mitre ATT@CK Matrix - Windows Logging - Basic: High Confidence or Covereage Medium Confidence or Coverage
No ratings yet
Mitre ATT@CK Matrix - Windows Logging - Basic: High Confidence or Covereage Medium Confidence or Coverage
27 pages
Patching Applications and Operating Systems (November 2023)
No ratings yet
Patching Applications and Operating Systems (November 2023)
6 pages
National Cyber Security Policy - 2013
No ratings yet
National Cyber Security Policy - 2013
29 pages
Information Security
No ratings yet
Information Security
14 pages
What Is Cyber Security?
No ratings yet
What Is Cyber Security?
24 pages
Security Guideline-Cloud Computing
No ratings yet
Security Guideline-Cloud Computing
5 pages
SQL Injection
No ratings yet
SQL Injection
5 pages
Gray Hat Hacking 68
No ratings yet
Gray Hat Hacking 68
1 page
Geze Assignment
No ratings yet
Geze Assignment
16 pages
Auditing Business Continuity
No ratings yet
Auditing Business Continuity
6 pages
Policies To Mitigate Cyber Risk
No ratings yet
Policies To Mitigate Cyber Risk
7 pages
Ccia Hadopi Letter
No ratings yet
Ccia Hadopi Letter
4 pages
Report Group8
No ratings yet
Report Group8
14 pages
Gray Hat Hacking 17
No ratings yet
Gray Hat Hacking 17
1 page
Policies Around Vulnerability and Patch Management
No ratings yet
Policies Around Vulnerability and Patch Management
5 pages
Threat Analysis Report: Hash Values File Details Environment
No ratings yet
Threat Analysis Report: Hash Values File Details Environment
4 pages
Ecommerce-Act 040924
No ratings yet
Ecommerce-Act 040924
5 pages
Gray Hat Hacking 19
No ratings yet
Gray Hat Hacking 19
1 page
Proactive and Reactive Concept
No ratings yet
Proactive and Reactive Concept
4 pages
Comments On NTIA's Notice of Inquiry On IANA by Sivasubramanian M, India
No ratings yet
Comments On NTIA's Notice of Inquiry On IANA by Sivasubramanian M, India
6 pages
What Is System Vulnerability?: Default Permit
No ratings yet
What Is System Vulnerability?: Default Permit
6 pages
PPPs Why They Matter!
No ratings yet
PPPs Why They Matter!
1 page
CISSP - Cryptography Drill-Down Handout
No ratings yet
CISSP - Cryptography Drill-Down Handout
43 pages
Vulnerability Disclosure Debate
No ratings yet
Vulnerability Disclosure Debate
6 pages
A Framework For A Vulnerability Disclosure Program For Online Systems
No ratings yet
A Framework For A Vulnerability Disclosure Program For Online Systems
8 pages
Unveiling Instagram Hacking
No ratings yet
Unveiling Instagram Hacking
47 pages
Virtual Ization
No ratings yet
Virtual Ization
6 pages
Gray Hat Hacking 23
No ratings yet
Gray Hat Hacking 23
1 page
(PIS) Individual Assignment
No ratings yet
(PIS) Individual Assignment
5 pages
Jestro Master Solution
No ratings yet
Jestro Master Solution
6 pages
2035 Courseoutline
No ratings yet
2035 Courseoutline
3 pages
CyTech CyFir #2 (Anonymous Remote Logons On Key Dates) (060821)
No ratings yet
CyTech CyFir #2 (Anonymous Remote Logons On Key Dates) (060821)
8 pages
The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks
From Everand
The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks
Alan Calder
No ratings yet
Sec+ 1 - CertPreps
No ratings yet
Sec+ 1 - CertPreps
1 page
Course Links #7
No ratings yet
Course Links #7
9 pages
CompTIA Security+ Study Guide - Scholarly Flashcards
No ratings yet
CompTIA Security+ Study Guide - Scholarly Flashcards
23 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Gray Hat Hacking 80

Uploaded by

Gray Hat Hacking 80

Uploaded by

Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition

Full Disclosure Policy—the RainForest

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.