coordinated vulnerability disclosure

Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers

2014/07/15 : "Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software."

This artifact is...Read more

Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create new bounty program.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

Guide for how to handle vulnerability reports (on ISO/IEC 29147:2014)

2016/04/18 : Juha Saarinen writes on the document published by International Standards Organisation and International Electrotechnical Commission. This document "helps organisations handle responsible...Read more

Update on the CERT Guide to Coordinated Vulnerability Disclosure (2019)

2019/09/16 : Here is the 2019 Update of the CERT Guide to Coordinated Vulnerability Disclosure.

This artefact is part of the CERT CC Bundle.Read more

iDEFENSE Labs Website Launch

2005/02/17 : iDEFENSE Labs announces the launch of their community site.

"This site will serve as our repository for sharing our research and development with the security community, including the release of free 
...Read more

Atlantic Council - It takes a village: How hacktivity can save your company

2018 : Atlantic Council release its comic It takes a village: How hacktivity can save your company.

"Sandra’s story aims to promote a better understanding of CVD practices among policymakers and business leaders, as well as address the misperception of CVD as a catch-all solution...Read more

ISO/IEC 29147:2014

2014/02 : "ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure." (see : https...Read more

Coordinated Vulnerability Disclosure at Microsoft

2011/04 : "This [Microsoft] document aims to clarify how Microsoft communicates the disclosure of vulnerabilities with industry peers, customers, and the research community in a coordinated way. Lastly, this documentexplains how to engage with Microsoft in coordinated...Read more

Geer Keynote at Black Hat 2014 - Cybersecurity as Realpolitik (transcription)

2014/08/06 : Here is the transcription of Dan Geer keynote at the Black Hat Conference of 2014. He explains how vulnerability research should now be recognized as a job and not a hobby anymore. It must be paid.

This artifact is part of the ...Read more

Subscribe to coordinated vulnerability disclosure