News Document Title: ==================== Vulnerability Lab - Disclosure Partnership Program Release Date: ============= 2011-08-21 Laboratory Article: =================== Vulnerability Lab - Disclosure Partnership Program Step 1: Allowing inclusion Consent for inclusion in the Security Vulnerability Lab Products List and delivery of specific product names. support[at]vulnerability-lab.com Step 2: Admission to product testing list The appropriate application or software can be included in a special private list for product safety testing. Step 3: Penetration tests, List and Publication The list is only provided for approved/qualifier lab users and penetration testers. Our certified testers can search for vulnerabilities in its products. You can decide whether they require additional demo systems available to increase the hit rate. Our goal is the publication of (minimum) 1 product vulnerability per month. Step 4: Disclosure Process for Partners After the submission of a vulnerability, the advisory will be verified in the laboratory and moved through the processes [Pending on Laboratory] over [Verified by Laboratory] to [Accepted by Vendor]. The partnership ensures that the forwarding of security holes are only the product vendor/manufacturer. [View: Upcoming] Step 5: Public disclosure? The vendor has the choice if the vulnerability is made publicly after fixing. Normal procedure is that after a bug is fixed its made public. If for a reason a vender doesnt want the bug to be public the vendor has to give prior notice to the Vulnerability-Lab team. (Before the fix has been released) If a vendor chooses to not wanting the bug to be publicly made available the bug will only stay in the private area of the Vulnerability-Lab. Step 6: Banner A banner will be placed on our partner site in the laboratory. On our partner site are all the trusted partners or sponsors that the Vulnerability-Lab has. vulnerability-lab.com/partners Its also possible to exchange banners. Step 7: Now wait ... At this point the Vulnerability-Lab team and its researchers will try and find bugs in your programs/appliances/etc. URL: http://www.vulnerability-lab.com/partner.php