Vendors, Consultants Propose Security Flaw Reporting Rules

Formed last fall, OIS includes major vendors such as Microsoft, Oracle, Symantec and Network Associates, as well as security services firms such as @Stake and Guardent. The organization said its draft document, the Security Vulnerability Reporting and Response Guide, offers a detailed process for security researchers to work with vendors to investigate and resolve security flaws.

The goal is to establish a framework for handling vulnerabilities to help improve Internet security, according to OIS. The group said it plans to gather comments on its proposal from the security community for the next 30 days and issue a final guide at next month's Black Hat conference in Las Vegas.

The proposed Security Vulnerability Reporting and Response Guide is available at www.oisafety.org.