2018/12 : ENISA (European Union Agency for Cybersecurity) release its Economics of Vulnerability Disclosure Report.
"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of economic considerations and incentives that may influence their behaviour. These economic aspects of vulnerability disclosure are often overlooked and poorly understood, but may help explain why some vulnerabilities are disclosed responsibly while others are not. This study serves as a follow up to the 2015 ENISA Good Practice Guide on Vulnerability Disclosure and has the overarching objective to improve the understanding of the economics of vulnerability disclosure by providing a glimpse into the costs, incentives and impact related to discovering and disclosing vulnerabilities."
Critical Commentary
2018/12 : ENISA (European Union Agency for Cybersecurity) release its Economics of Vulnerability Disclosure Report.
"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of economic considerations and incentives that may influence their behaviour. These economic aspects of vulnerability disclosure are often overlooked and poorly understood, but may help explain why some vulnerabilities are disclosed responsibly while others are not. This study serves as a follow up to the 2015 ENISA Good Practice Guide on Vulnerability Disclosure and has the overarching objective to improve the understanding of the economics of vulnerability disclosure by providing a glimpse into the costs, incentives and impact related to discovering and disclosing vulnerabilities."