ISO frees up vuln standard
The ISO's vulnerability disclosure standard is now available free to all.
The decision to make ISO/IEC 29147 a free publication means companies can create consistent processes for receiving vulnerability disclosures.
If it's followed, that would be a good thing: all too often, even respectable bug-hunters like Google or Cisco's Talos complain that vendors either lack processes for bug-reporting, or are unresponsive to reports.
Formerly priced at 138 Swiss francs, the document was made free following a request by the US CERT Coordination Centre's Art Manion and Luta Security's Kate Moussouris.
The standard is available for download here.