[sldev] Viewer security vulnerability disclosure group
Rob Lanphier
robla at lindenlab.com
Sun Dec 28 23:11:26 PST 2008
Hi everyone,
It sounds like everyone who has 2 cents to chip in on this subject has
done so.
Key takeaways from this conversation:
* There were a number of people who expressed skepticism about the
effectiveness of having a formal non-disclosure agreement (NDA) versus a
trust relationship. Some form of NDA may end up being a necessary part
of this, but the questions of added effectiveness are noted.
* There were a couple of people who described a strong desire to be
able to maintain their anonymity. I understand the reasons for wanting
this, and will look into whether it is possible to accommodate this.
* There were people that argued pretty passionately on both sides of
the argument about whether or not an early disclosure group should
exist. There wasn't consensus on this point (and I doubt we'll arrive
at consensus), but the arguments are all out there to deliberate on.
Here's what I imagine the next steps to be:
1. I will continue to collect requests for membership in this group.
If you haven't done so, and believe you have a case to be in this group,
please let me know via private email (and state your reasons for being
considered).
2. I need to loop back with more people at Linden Lab to make a
determination about how we want to move forward. I feel I've got a
reasonably accurate take on what the various positions are and can speak
to them pretty well.
3. In the next month, you should expect to see us announce a policy, or
else see a sheepish email from me around the end of January saying
"we're still working on it". I really don't want to write a sheepish
email, but know if I don't acknowledge the possibility, then it's just
that much more likely I'll have to write it.
Should the need arise for such a group in the interim period, we'll have
to improvise. I feel like having had that conversation, we're in a
better position to improvise than we would be otherwise.
Thanks everyone for your input, and for those of you who try to avoid
these sorts of policy conversations, thanks for your patience.
Rob