-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


HexView disclosure policy:
==========================

Effective date: 2005-03-29

HexView notifies vendors with publicly available contact e-mail addresses
24 hours before disclosing any information to the public. If we are unable
to find vendor's e-mail address or if no human reply is received within 24
hours, HexView will publish vulnerability notification including all technical
details unless the issue is rated as "critical". If vendor does not reply
within 72 hours, HexView may disclose all details for critical vulnerabilities
as well. HexView will publish all details of low-rated vulnerabilities 24 hours
after vendor notification unless there are considerable factors not to do so.

For vulnerabilities rated "high" and "critical":
If vendor replies within the above mentioned time period, HexView will announce
the vulnerability, but will not disclose the details required to reproduce it.
HexView will also specify the date when a full disclosure containing all the
details will be published. The time period between the announcement and full
disclosure is 30 days unless there is an agreement with vendor and appropriate
justification for extension. If vendor resolves the issue earlier than 30 days
after announcement, HexView may publish full disclosure earlier providing that
vendor's patch is available to the public.

HexView reserves the right to publish any detail of any vulnerability at
any time.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCTFLADPV1+KQrDqQRAiaGAJ4riXqgDkgct61oAcSWlcUDRPZwUgCaA+4Z
qH5EaAxslnQk9mUKMd2wRE0=
=W06C
-----END PGP SIGNATURE-----