coordinated vulnerability disclosure

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure

2017 : FIRST release their Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
"The purpose of this document is to assist in improving multi-party vulnerability coordination across different stakeholder communities."

This artifact is...Read more

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure Version 1.1 2020

Spring 2020 : Here is the Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure. 

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

Guidelines and Practices for Multi-Party Vulnerability Coordination Open to Review (on FIRST Guidelines)

2017/01/20 : Omar Santos writes about the new FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers

2014/07/15 : "Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software."

This artifact is...Read more

Thirty Minutes Or Less: An Oral History of the LØpht, Part Three

2018/03/08 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the third part, when "[p]ieces in The Washington Post, Wired, and many other outlets raised the group's profile and brought its work to the attention of people far outside the hacker...Read more

FIRST Vulnerability Disclosure Guidelines

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure
Guidelines and Practices for Multi-Party Vulnerability Coordination Open to Review (on FIRST Guidelines)
FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure Version 1.1 2020
FIRST updates guidelines for multi-party vulnerability disclosure (Haworth Paper)
Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more

Guide for how to handle vulnerability reports (on ISO/IEC 29147:2014)

2016/04/18 : Juha Saarinen writes on the document published by International Standards Organisation and International Electrotechnical Commission. This document "helps organisations handle responsible...Read more

iDefense

iDEFENSE Labs Website Launch
iDefense Bug bounty
iDefense Press Release 2006/02/10
Is the iDefense challenge worth it? (Chickowski paper)
Quarterly Vulnerability Challenge (iDefense Labs)
VeriSign iDefense offers US$48,000 for Vista, Internet Explorer 7 vulnerabilities (Chickowski paper)
VCP Reward Programs (iDefense)
Update on the CERT Guide to Coordinated Vulnerability Disclosure (2019)

2019/09/16 : Here is the 2019 Update of the CERT Guide to Coordinated Vulnerability Disclosure.

This artefact is part of the CERT CC Bundle.Read more

FIRST updates guidelines for multi-party vulnerability disclosure (Haworth Paper)

2020/05/18 : Jessica Haworth writes on FIRST updates guidelines for multi-party vulnerability disclosure.

This artifact is part of the FIRST Vulnerability Disclosure Bundle.Read more

FIRST Vulnerability Coordination SIG

2014/06 : "The Industry Consortium for Advancement of Security on the Internet, ICASI, proposed to the FIRST Board of Directors that a Special Interest Group (SIG) be considered on Vulnerability Disclosure. After holding meetings at the FIRST Conferences in Boston in June 2014...Read more

Subscribe to coordinated vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel