RFPolicy
Encyclopedia
The RFPolicy states a method of contacting vendors about security vulnerabilities found in their products
. It was originally written by hacker and security consultant Rain Forest Puppy.
The policy gives the vendor five working days to respond to the reporter of the bug. If the vendor fails to contact the reporter in those five days, the issue is recommended to be disclosed
to the general community
. The reporter should help the vendor reproduce the bug and work out a fix. The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for requiring so.
If the vendor fails to respond or shuts down communication with the reporter of the problem in more than five working days, the reporter should disclose the issue to the general community. When issuing an alert or fix, the vendor should give the reporter proper credits about reporting the bug.
Product (business)
In general, the product is defined as a "thing produced by labor or effort" or the "result of an act or a process", and stems from the verb produce, from the Latin prōdūce ' lead or bring forth'. Since 1575, the word "product" has referred to anything produced...
. It was originally written by hacker and security consultant Rain Forest Puppy.
The policy gives the vendor five working days to respond to the reporter of the bug. If the vendor fails to contact the reporter in those five days, the issue is recommended to be disclosed
Full disclosure
In computer security, full disclosure means to disclose all the details of a security problem which are known. It is a philosophy of security management completely opposed to the idea of security through obscurity...
to the general community
Community
The term community has two distinct meanings:*a group of interacting people, possibly living in close proximity, and often refers to a group that shares some common values, and is attributed with social cohesion within a shared geographical location, generally in social units larger than a household...
. The reporter should help the vendor reproduce the bug and work out a fix. The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for requiring so.
If the vendor fails to respond or shuts down communication with the reporter of the problem in more than five working days, the reporter should disclose the issue to the general community. When issuing an alert or fix, the vendor should give the reporter proper credits about reporting the bug.