CERT will publicize all new security vulnerabilities within 45 days

By Susan M. Menke

GCN Staff

OCT. 10—The CERT Coordination Center has announced a new policy of disclosing all newly discovered computer security vulnerabilities within 45 days.

Starting around Nov. 20, the Defense Department-funded center at Carnegie Mellon University in Pittsburgh will begin making public all vulnerability reports within 45 days, regardless of whether the affected software products have patches or workarounds ready. The schedule is subject to change under circumstances such as active exploitation, serious threats or situations that require fixes to an established standard.

The center will, when possible, forward the reports of vulnerabilities to the vendors involved and will continue to publicize serious security holes through its advisories at www.cert.org/. It will not distribute details of reported exploits, however.

"It is the goal of this policy to balance the need of the public to be informed of security vulnerabilities with the vendors' need for time to respond effectively," the center's statement said.
