The Organization for Internet Safety is soliciting comments on its guidelines for reporting and responding to software security vulnerabilities. OIS, a consortium of software vendors, researchers and security consultants, released the guidelines in July 2003, hoping to bring some order to the continual struggle between code makers and code breakers. The second version is expected to be available in mid-July. OIS hopes to address some issues in the second release that were sidestepped in the first edition, such as what role—if any—the government should play in vulnerability reporting. That was one of the few issues on which the drafters could not come to any clear consensus last year, said Scott Blake, vice president of information security for BindView Corp. of Houston and chairman of the OIS communications committee. Full Story