Vulnerability Disclosure

From Open SCADA Security Project

Revision as of 00:48, 12 February 2008 by Wade

Responsible disclosure means many things to many people. It typically involves notifying the product vendor of the issue and giving them an opportunity to develop a patch. This page aims to provide options for responsible researchers.

Full Disclosure

In many cases the devices being used cannot be easily patched. Updating firmware and software is not an option within a short time frame. As a result of these practical restrictions, full disclosure within the SCADA domain is strongly discouraged.

Non-responsive Vendor

In some instances a vendor may be non-responsive or may not even acknowledge the vulnerability. After a reasonable attempt has been made to inform the vendor, contacting the following consortiums may be of assistance:


Differing views exist on this article. You can help the Open SCADA Security Project by adding your opinion.


This entry is a stub. You can help the Open SCADA Security Project by expanding it.