On the topic of highlighting security issues in a public forum...
The NZITF has just released a consultation draft of some guidelines
around responsible disclosure.
PLEASE have a read and provide feedback. I'm also looking at
presenting these in a form relevant to Network Operators at the
conference.
ie, How would you like Security Researchers to treat you when they
find the next gaping hole in your network?
Here's more from the release.
Consultation open on Responsible Disclosure Guidelines
Posted: 8 November 2013
Today the New Zealand Internet Task Force (the NZITF) has released
draft guidelines on responsible disclosure. These guidelines will help
security researchers and organisations that operate ICT systems to
work together to identify, understand and fix security vulnerabilities
in New Zealand websites and ICT systems.
We are seeking your views on these draft guidelines to make sure that
they are high quality and provide useful guidance on the aspects of
responsible disclosure that need covering.
We welcome any comments or suggestions that you have on how the
guidelines could be improved. We would also like to hear from you if
your organisation is interesting in being named as a third party for
finders to contact and act as an intermediary between them and the ICT
owners that they deal with.
The guidelines are available for download at
http://nzitf.org.nz/files/NZITF_Draft_Responsible_Disclosure_Guidelines.pdf
Submissions should be sent, by email, to
consult(a)nzitf.org.nz
by
Sunday 22 December (please include the words "guidelines submission"
in the subject header).
On Thu, Nov 21, 2013 at 12:04 PM, Tim Hoffman
This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!
And to keep it on topic - beer!
Cheers, —hoff
<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog