ISO frees up vuln standard

The ISO's vulnerability disclosure standard is now available free to all.

The decision to make ISO/IEC 29147 a free publication means companies can create consistent processes for receiving vulnerability disclosures.

If it's followed, that would be a good thing: all too often, even respectable bug-hunters like Google or Cisco's Talos complain that vendors either lack processes for bug-reporting, or are unresponsive to reports.

Formerly 138 Swiss Francs, the document was made free following a request by the US CERT Coordination Centre's Art Manion, and Luta Security's Kate Moussouris.

The standard is available for download here.