coordinated vulnerability disclosure

Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers

2014/07/15 : "Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software."

This artifact is...Read more

Update on the CERT Guide to Coordinated Vulnerability Disclosure (2019)

2019/09/16 : Here is the 2019 Update of the CERT Guide to Coordinated Vulnerability Disclosure.

This artefact is part of the CERT CC Bundle.Read more

‘Microsoft Was Freaking Out‘: An Oral History of the LØpht -Part Two - Fisher Paper)

2018/03/07 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the second part, when L0pht began to be known. 

Click here to read Part One, Part Three and...Read more

Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more

Coordinated Vulnerability Disclosure at Microsoft

2011/04 : "This [Microsoft] document aims to clarify how Microsoft communicates the disclosure of vulnerabilities with industry peers, customers, and the research community in a coordinated way. Lastly, this documentexplains how to engage with Microsoft in coordinated...Read more

The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities (on Security.txt)
 Douglas Bonderud writes on Security.txt.
This artifact is part of the 
...Read more
WEIS Workshop (Berkeley university)

2002/05/16-17 : Workshop on Economics and Information Security (WEIS) took place at the Berkeley university. Researchers met to work on the question of "Do we spend enough [or too much] on keeping `hackers' out of our computer systems?". They speak of possible coordinated disclosure...Read more


2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...Read more

Thirty Minutes Or Less: An Oral History of the LØpht, Part Three

2018/03/08 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the third part, when "[p]ieces in The Washington Post, Wired, and many other outlets raised the group's profile and brought its work to the attention of people far outside the hacker...Read more

Microsoft Says No to Paying Bug Bounties (Fisher paper)

2010/07/22 : "Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products."

This artifact is part of the ...Read more

Subscribe to coordinated vulnerability disclosure