Research page on Web Security Ratings and Disclosure Policies
From OWASP
Revision as of 12:14, 8 January 2010 by Dinis.cruz (talk | contribs)
Project idea:
Public Disclosure Policies (by Commercial websites)
- PayPal Site Security Researchers
- Facebook Report a Possible Security Vulnerability
- Salesforce.com Vulnerability Reporting Policy
- Wesabe Contacting Security - We want to hear from you
- Microsoft (link?)
Research Links
- Security Disclosure Policies That Remove Chilling Effects
- Some Comments on PayPal's Security Vulnerability Disclosure Policy
- Communicating a Site Security Policy
- An ethical framework for information security research
- Disclosure policies – what constitutes “responsible” disclosure, vs irresponsible disclosure?
Questions to answer
Question: What types of vulnerability testing are implicitly allowed? (XSS, SQLi, XSRF)