Top Qs
Timeline
Chat
Perspective
RFPolicy
Method of contacting vendors From Wikipedia, the free encyclopedia
Remove ads
The RFPolicy outlines a method for contacting vendors about security vulnerabilities found in their products. It was initially written in 2000[1] by hacker and security consultant Rain Forest Puppy.[2] It was perhaps the second disclosure policy, following Simple Nomad's.[3]
 | This article relies largely or entirely on a single source. (July 2024) |
The policy gives the vendor five working days to respond to the reporter of the bug. If the vendor fails to contact the reporter within those five days, the issue is recommended to be disclosed to the general community. The reporter should help the vendor reproduce the bug and work out a fix. The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for requiring so.
If the vendor fails to respond or shuts down communication with the reporter of the problem within five working days, the reporter should disclose the issue to the general community. When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug.
Context for the history of vulnerability disclosure is available in a history article.[4]
Remove ads
References
External links
Wikiwand - on
Seamless Wikipedia browsing. On steroids.
Remove ads