full disclosure

Full Disclosure is a necessary evil - Elias Levy

2001/08/15 : Elias Levy continues the full disclosure debate.

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

2021/09/28 (Krebs on Security Paper) : "The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these...

ACM: Digital Library: Computers and Society - Bollinger paper

2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.

"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)

This artifact...

L0pht Advisory: release of L0phtCrack for NT (Bugtraq archive)

1997/04/11 : Aleph One publishes a L0pht advisory on Bugtraq.

This artifact is part of the L0pht Bundle.

A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)

2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...

;LOGIN: SPECIAL ISSUE ON SECURITY

1999/11 : Marcus Ranum and Jeremy Rausch both wrote in this special issue on security. Did Jeremy Rausch write to respond to Ranum’s article? Placing the two articles side by side seems an editorial choice; was it requested by the journal?

Between 1999...

Google 7-days disclosure

2013/05/29 : Google agreed on 7 days to fix critical vulnerabilities.

"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...

Microsoft Exchange servers are getting hacked via ProxyShell exploits

2021/08/12 : Lawrence Abrams explains how "Orange Tsai at a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang ...

Ranum Keynote Slides (Black Hat Conference 2000)

2000/07/26 : Here are the slides of Ranum's keynote at the US Black Hat conference.

Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...

Apple pays hackers six figures to find bugs in its software. Then it sits on their findings.

2021/09/09 (in the Washington Post) : Reed Albergotti explains why ethical hackers are fed up with Apple's bug bounty program. The main reasons, among others, are the lack of communication, the confusion about payments and the long delays.

