RFPolicy

The RFPolicy describes a method to make manufacturers to found security holes in their software carefully. It was originally written by hackers and IT security consultant Rain Forest Puppy.

The process permits the manufacturer given five working days to respond to the error. If the manufacturer the notifier not contacted at this time, the facts should be made public. The reporting party should help the manufacturer in reproducing the error and provide a fix. If the manufacturer provides valid reasons to why did not resolve the problem, the publication should be delayed.

When closing the security gap, the manufacturer should mention the message or the fix appropriately.