SANS ISC: RFC2142 is a two-way street SANS ISC InfoSec Forums

RFC2142 is a two-way street

As Johannes pointed out, RFC2142 is a pretty good RFC to follow. It works both ways too.

For example, let's say you're running vulnerability scans against your local bank's website and you come across what you think is a very serious vulnerability. Do you:

a) Jot that IP address down for later use when you need to pay off your credit card debts from the holiday season's over-indulgences.

b) Drop a friendly fact-filled note to


c) Launch a media campaign to publicize the risk, encouraging your readers to write letters to the Office of the Comptroller of the Currency.

If one supports the idea of Responsible Disclosure, the answer would be B, followed by C after an acceptable period of time.

Kevin Liston

ISC Handler
Dec 25th 2005
