coordinated vulnerability disclosure

Is the iDefense challenge worth it? (Chickowski paper)

2006/02/23 : Ericka Chickowski writes upon iDefense rewards and their way of working with enterprises and hackers. 

This artifact is part of the iDefense Bundle...Read more

Coordinated Vulnerability Disclosure: Bringing Balance to the Force (Microsoft)

2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated...Read more

ISO/IEC 29147:2014

2014/02 : "ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure." (see : https...Read more

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure Version 1.1 2020

Spring 2020 : Here is the Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure. 

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

Google Project Zero

2015/02/13 : "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a...Read more

Guidelines and Practices for Multi-Party Vulnerability Coordination Open to Review (on FIRST Guidelines)

2017/01/20 : Omar Santos writes about the new FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

FIRST updates guidelines for multi-party vulnerability disclosure (Haworth Paper)

2020/05/18 : Jessica Haworth writes on FIRST updates guidelines for multi-party vulnerability disclosure.

This artifact is part of the FIRST Vulnerability Disclosure Bundle.Read more

Black Hat 2014 Keynote: Cybersecurity as Realpolitik (on Geer Keynote)

2014/08/15 : Thu T. writes on Dan Geer keynote at the Black Hat Conference of 2014.

This artifact is part of the Geer keynote Bundle.Read more

Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create new bounty program.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

‘We Got to Be Cool About This‘: An Oral History of the L0pht (Part One - Fisher paper)

2018/03/06 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the first part. 

"L0pht [was] one of the more influential hacker crews of the last 25 years. They were the varsity." 

Click here to read...Read more

Subscribe to coordinated vulnerability disclosure