Writing Computer Security Advisories
Some teams decide to write their own advisories on vulnerabilities about which they want to alert their constituency. Other teams simply rely on forwarding advisories from other sources, such as those published by CERT CC or specific vendors. A few simple rules should be followed by teams chartered with writing their own advisories:
Keep it simple. The advisory should stick to the facts and avoid technical jargon.
Always include a fix or some steps to lessen the vulnerability. If a vulnerability does not have a readily available fix or countermeasure, the decision may be to not advertise the problem for further exploitation.
If a patch will be downloaded, include the MD5 checksum whenever it is available. The ...
Get Effective Incident Response Team, The now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
