coordinated vulnerability disclosure

Update on the CERT Guide to Coordinated Vulnerability Disclosure (2019)

2019/09/16 : Here is the 2019 Update of the CERT Guide to Coordinated Vulnerability Disclosure.

This artefact is part of the CERT CC Bundle.

iDEFENSE Labs Website Launch

2005/02/17 : iDEFENSE Labs announces the launch of their community site.

"This site will serve as our repository for sharing our research and development with the security community, including the release of free 
...

Coordinated Vulnerability Disclosure at Microsoft

2011/04 : "This [Microsoft] document aims to clarify how Microsoft communicates the disclosure of vulnerabilities with industry peers, customers, and the research community in a coordinated way. Lastly, this document explains how to engage with Microsoft in coordinated...

Microsoft Says No to Paying Bug Bounties (Fisher paper)

2010/07/22 : "Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products."

This artifact is part of the ...

‘Microsoft Was Freaking Out’: An Oral History of the LØpht - Part Two (Fisher paper)

2018/03/07 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the second part, when L0pht began to be known. 

Click here to read Part One, Part Three and...

Thirty Minutes Or Less: An Oral History of the LØpht, Part Three

2018/03/08 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the third part, when "[p]ieces in The Washington Post, Wired, and many other outlets raised the group's profile and brought its work to the attention of people far outside the hacker...

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure

2017 : FIRST release their Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
"The purpose of this document is to assist in improving multi-party vulnerability coordination across different stakeholder communities."

This artifact is...

No more free bugs for software vendors (Fisher paper)

2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.

"It appears that the free ride is over for software vendors."

FIRST Vulnerability Coordination SIG

2014/06 : "The Industry Consortium for Advancement of Security on the Internet, ICASI, proposed to the FIRST Board of Directors that a Special Interest Group (SIG) be considered on Vulnerability Disclosure. After holding meetings at the FIRST Conferences in Boston in June 2014...

Coordinated Vulnerability Disclosure: Bringing Balance to the Force (Microsoft)

2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated...
