1. Research: Reporter discovers the flaw and researches its behavior.
2. Verification: Reporter attempts to re-create the flaw.
3. Reporting: Reporter sends notification to receiver, giving thorough details of the problem.
4. Evaluation: Receiver determines if the flaw notification is legitimate.
5. Repairing: Solutions are developed.
6. Patch evaluation: The solution is tested.
7. Patch release: The solution is delivered to the reporter.
8. Advisory generation: The disclosure statement is created.
9. Advisory evaluation: The disclosure statement is reviewed for accuracy.
10. Advisory release: The disclosure statement is released.
11. Feedback: The user community offers comments on the vulnerability/fix.
Communication
When observing the tendencies of the reporters and receivers, the case study researchers
detected communication breakdowns throughout the process. They found that factors
such as holidays, time zone differences, and workload issues were most prevalent. Additionally,
it was concluded that the reporting parties were typically prepared for all their
Gray Hat Hacking: The Ethical Hacker's Handbook
responsibilities and rarely contributed to time delays. The receiving parties, on the other
hand, often experienced lag time between phases, mostly due to difficulties in spreading
the workload across a limited staff.