
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

Part I, Chapter 3: Proper and Ethical Disclosure

Strict guidelines were created, which were not always perceived as fair and flexible by
participating parties. The Organization for Internet Safety (OIS) was created to help meet
the needs of all groups and it fits into a partial disclosure classification. This section
will give an overview of the OIS approach, as well as provide the step-by-step methodology
that has been developed to provide a more equitable framework for both the user and the vendor.

OIS is a group of researchers and vendors that was formed with the goal of improving
the way software vulnerabilities are handled. The OIS members include @stake,
BindView Corp (acquired by Symantec), The SCO Group, Foundstone (a division of
McAfee, Inc.), Guardent, Internet Security Systems (owned by VeriSign), Microsoft Corporation,
Network Associates (a division of McAfee, Inc.), Oracle Corporation, SGI, and
Symantec. The OIS believes that vendors and consumers should work together to identify
issues and devise reasonable resolutions for both parties. It is not a private organization
that mandates its policy to anyone, but rather it tries to bring together a broad,
valued panel that offers respected, unbiased opinions that are considered recommendations.

