coordinated vulnerability disclosure

Security.txt Standard Proposed, Similar to Robots.txt

2017/09/15 : Catalin Cimpanu writes about Security.txt and Robots.txt.

This artifact is part of the Security.txt Bundle.

Google Project Zero

2015/02/13 : "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a...

CERT Guide to Coordinated Vulnerability Disclosure announcement

2017/08/15 : Publication of the CERT Guide.

"The guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful CVD process. It also provides insights into how CVD can go awry and how to respond when it does so...

Coordinated Vulnerability Disclosure: From Philosophy to Practice (Microsoft)

2011/04/19 : Microsoft publishes a paper on CVD to explain in more detail how it works.

"Today, we’re providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices – a CVD at Microsoft document, MSVR...

Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft creates the Microsoft Vulnerability Research Program (MSVR).

Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create a new bounty program.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.

'Nothing's Going to Last Forever': An Oral History of the LØpht (Part Four - Fisher paper)

2018/03/09 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the fourth part, talking about the end of LØpht.


Update on the CERT Guide to Coordinated Vulnerability Disclosure (2019)

2019/09/16 : Here is the 2019 Update of the CERT Guide to Coordinated Vulnerability Disclosure.

This artefact is part of the CERT CC Bundle.

‘Microsoft Was Freaking Out’: An Oral History of the LØpht (Part Two - Fisher paper)

2018/03/07 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the second part, when L0pht began to be known. 


Geer Keynote at Black Hat 2014 - Cybersecurity as Realpolitik (transcription)

2014/08/06 : Here is the transcription of Dan Geer's keynote at the Black Hat Conference of 2014. He explains that vulnerability research should now be recognized as a job and no longer as a hobby. It must be paid.

This artifact is part of the ...

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure

2017 : FIRST releases its Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
"The purpose of this document is to assist in improving multi-party vulnerability coordination across different stakeholder communities."

This artifact is...
