Microsoft

A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)

2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more

L0pht

Hackers keep the heat on Windows NT security (L0pht)
L0pht testimony before the Congress (United States Senate Committee on Governmental Affairs)
L0pht Advisory: release of L0phtCrack for NT (Bugtraq archive)
Whacked Mac collection CD (L0pht)
Into the Breach - Ferdin
L0pht - Wikipedia
‘We Got to Be Cool About This‘: An Oral History of the L0pht (Part One - Fisher paper)
‘Microsoft Was Freaking Out‘: An Oral History of the LØpht -Part Two - Fisher Paper)
Thirty Minutes Or Less: An Oral History of the LØpht, Part Three
'Nothing's Going to Last Forever': An Oral History of the LØpht (Part Four- Fisher paper)
MS says stop discussing hack exploits - Leyden paper

2001/10/18 : Leyden explains Culp essay.

This artifact is part of the Culp debate Bundle.Read more

Microsoft Exchange servers are getting hacked via ProxyShell exploits

2021/08/12 : Lawrence Abrams explains how "Orange Tsai at a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang ...Read more

Back Orifice

Hacker Group Says Program Can Exploit Microsoft Security Hole (NY Times)
Schneier - Crypto-Gram August 15, 1999
How do we define Responsible Disclosure? - Shepherd

2003/04/22 : Stephen A. Shepherd define what is responsible disclosure and make a summary of vulnerability disclosure history at this stage.Read more

Coordinated Vulnerability Disclosure at Microsoft

2011/04 : "This [Microsoft] document aims to clarify how Microsoft communicates the disclosure of vulnerabilities with industry peers, customers, and the research community in a coordinated way. Lastly, this documentexplains how to engage with Microsoft in coordinated...Read more

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

Filling A Gap In the Vulnerability Market – First Bounty Notification (Microsoft)

2013/07/10 : Here is the Microsoft first Bounty Notification after they finally decide to launch their bug bounty.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create new bounty program.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

"MS throttles research to conceal SW bugs" (Greene paper)

2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.

"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more

Vista contest offers cash for exploits (itnews paper)

2007/01/15 : "A US security firm is offering up to US$72,000 in bounties for the development of working exploits for Microsoft's Windows Vista and Internet Explorer 7." Read more

Subscribe to Microsoft
Need help with PECE?
Join the PECE Slack channel