coordinated vulnerability disclosure

iDEFENSE Labs Website Launch

2005/02/17 : iDEFENSE Labs announces the launch of their community site.

"This site will serve as our repository for sharing our research and development with the security community, including the release of free ...Read more

ISO/IEC 29147:2014

ISO/IEC 29147:2014
Guide for how to handle vulnerability reports (on ISO/IEC 29147:2014)
A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)

2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more

Security.txt Standard Proposed, Similar to Robots.txt

2017/09/15 : Catalin Cimpanu writes upon Security.txt and Robots.txt.

This artifact is part of the Security.txt Bundle.Read more

Coordinated Vulnerability Disclosure: From Philosophy to Practice (Microsoft)

2011/04/19 : Microsoft publishes a paper on CVD to explain in more details how it is working.

"Today, we’re providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices – a CVD at Microsoft document, MSVR...Read more

Guide for how to handle vulnerability reports (on ISO/IEC 29147:2014)

2016/04/18 : Juha Saarinen writes on the document published by International Standards Organisation and International Electrotechnical Commission. This document "helps organisations handle responsible...Read more

A Method for Web Security Policies draft-foudil-securitytxt-06 - Foudil and Shafranovich Draft

2019/04/08 : In this document, Foudil and Shafranovich "define a format ("security.txt") to help organizations describe the process for security researchers to follow in order to report security vulnerabilities."

Read more

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure Version 1.1 2020

Spring 2020 : Here is the Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure. 

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

‘Microsoft Was Freaking Out‘: An Oral History of the LØpht -Part Two - Fisher Paper)

2018/03/07 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the second part, when L0pht began to be known. 

Click here to read Part One, Part Three and...Read more

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure

2017 : FIRST release their Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
"The purpose of this document is to assist in improving multi-party vulnerability coordination across different stakeholder communities."

This artifact is...Read more

'Nothing's Going to Last Forever': An Oral History of the LØpht (Part Four- Fisher paper)

2018/03/09 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the fourth part, talking about the end of LØpht.

Click here to read Part One...Read more

‘We Got to Be Cool About This‘: An Oral History of the L0pht (Part One - Fisher paper)

2018/03/06 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the first part. 

"L0pht [was] one of the more influential hacker crews of the last 25 years. They were the varsity." 

Click here to read...Read more

Subscribe to coordinated vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel