An open vulnerability database?
Posted on 2004-04-07 at 08:01
Seems like the Open Source Vulnerability Database could fill a niche need here by allowing people to report vulnerabilities, but not automatically posting them until a set time after the report date, then having it automatically notify the vendor of the vulnerability. The vendor could ignore it (in which case after a set interval the issue would go public) or fix it and let it go public sooner. Just an idea.