Vulnerability disclosure often happens in a cascading manner - from the one person who discovers the vulnerability out to the public Internet. While everyone agrees that vulnerabilities eventually need to be disclosed in some form, the (1) content, (2) audience and (3) timing (C A T) of disclosure are often a topic of contention and discontent. There is a hope that if we take the subjectivity out of disclosure C A T, vulnerability disclosures can be less painful, especially for critical vulnerabilities.
The audience should be selected based on their role and on whether they play by the rules of disclosure. It may not matter whether they work for the same organization or not. The same individuals/teams may perform two or three roles. An incident responder may identify the audience and facilitate the flow of content between tiers.
Tier 0 - incident responders, vulnerability researcher
Content: Nothing → vulnerability report, PoC (Proof of Concept)
Tier 1 - inventors, architects and designers
Content: vulnerability report, PoC → well defined problem statement, root cause, solutions, PoC
Tier 2 - implementors, developers
Content: problem, root cause, solutions, PoC → problem, root cause, solutions, PoC, fix
Tier 3 - replicators, validators, pentesters
Content: problem, root cause, solution, PoC, fix → problem, solution, fix, recurrence prevention, conformance tests, workarounds, attack vectors
Tier 4 - integrators, large cloud/service operators, managed products, managed on-premises deployments
Content: problem, risk, solution, fix, workarounds → feedback
Tier 5 - defenders, mitigators
Content: problem, attack vectors → problem, attack vectors, detection, prevention
Tier 6 - administrators, operators
Content: problem, risk, solution, fix, workarounds → feedback
Tier 7 - public, and anyone who would not play by the rules.
Content: problem, attack vectors, risk, solution, fix, workarounds, detection, prevention.
3 comments:
nice