...

The Traffic Light Protocol (TLP) has been adopted for a standards-track by FIRST [1]. By marking a document with a TLP level—Red, Amber, Green, or White—a sender can easily communicate the sensitivity of vulnerability information and expectations about sharing it further. In the context of CVD, the following applies:

...

CVD participants should keep in mind that their case tracking and email systems themselves present attack surface and may be affected by the very vulnerabilities they are designed to coordinate. We have witnessed reports containing examples of image parsing vulnerabilities causing problems for both webmail and ticketing systems that automatically generate thumbnail previews of image attachments. Vendors and coordinators concerned about such risks should consider the degree to which their CVD support infrastructure is integrated with normal business operations systems. In some scenarios, maintaining parallel infrastructure may be preferable.

References

  1. FIRST, "TRAFFIC LIGHT PROTOCOL (TLP) FIRST Standards Definitions and Usage Guidance — Version 1.0," [Online]. Available: https://www.first.org/tlp. [Accessed 16 May 2017].