[Ics-security] New report on setting best practices for ICS Vulnerability Disclosure
Kelly Mahoney
mahoney at jlab.org
Fri Jul 27 07:54:36 EDT 2012
The US ICS Joint Working Group just released a new report on
recommendations on security vulnerability reporting (disclosure) for
control systems. A copy is attached. Although aimed at the security
administrators, it has some good recommendations and guidance for
reporting in general. Of course, JLab's IT security is ahead of the
curve on many aspects.
Questions -
Do you think there should be a separate reporting process
specifically for JLab controls security?
If I find a vulnerability in a control system component now (PLC, IOC,
embedded controller, BMS, LabView SW,...) should I work through JLab IT
security or directly with the vendor and/or ICS-CERT?
What do/would you do?
Kelly Mahoney
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ICSJWG_Vulnerability_Disclosure_Framework_Final_1.pdf
Type: application/pdf
Size: 144560 bytes
Desc: not available
Url : https://mailman.jlab.org/pipermail/ics-security/attachments/20120727/25602553/attachment-0001.pdf