ICANN Releases Guideline for Coordinated Vulnerability Disclosure Reporting

Home / News

ICANN Releases Guideline for Coordinated Vulnerability Disclosure Reporting

By CircleID Reporter
March 12, 2013, 5:31 pm PDT Views: 8,888 Add Comment

ICANN has released a set of guidelines to explain its Coordinated Vulnerability Disclosure Reporting. The guidelines serve two purposes, says ICANN: “They define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that the security, stability or resiliency of the DNS is exploited or threatened. The guidelines also explain how a party, described as a reporter, should disclose information on a vulnerability discovered in a system or network operated by ICANN.”

Coordinated Vulnerability Disclosure refers to “a reporting methodology where a party (‘reporter’) privately discloses information relating to a discovered vulnerability to a product vendor or service provider (‘affected party’) and allows the affected party time to investigate the claim, and identify and test a remedy or recourse before coordinating the release of a public disclosure of the vulnerability with the reporter.”

Illustration of a Coordinated Disclosure Process – The roles and relationships of parties typically involved in a coordinated disclosure. Source: ICANN (Click to Enlarge)

By CircleID Reporter — CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.
Visit Page

Filed Under

Comments

The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.