Chapter 12. Security Vulnerability Notification

Public notification of a security vulnerability is the most visible outcome of the work done by a product vulnerability handling team. It is also a prominent and disruptive event for customers. This chapter discusses various issues related to producing and publishing security vulnerability notifications. To simplify matters, such a notification is referred to here simply as a notification or a document. For the purposes of this chapter, publication means making information known outside the vendor; more precisely, to product users and the general public.

Producing a good notification is no trivial matter, and a vendor needs to experiment until the right formula is found. Making changes to the notifications ...
