2001/10/17 : "Code Red, Nimda and a few of the more recent worms were made possible not by the research that discovered the vulnerability they exploited but by the lack of awareness and training by system administrators who did not patch their systems." (p.1-2)
This artifact is part of...Read more
2001/11/02 : On this paper, Thomas C. Greene expresses his opinion against Microsoft's way of handling vulnerability disclosure.
"We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its...Read more
2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp.
"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more
2013/06/19 : Microsoft decided to create new bounty program.
This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more
2021/07/31 : Lawrence Abrams writes a paper about a new event of full disclosure.
"A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver."Read more
2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening.
"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more
2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more
2001/10/23 : Edwards analyses Culp essay on information anarchy.
"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...Read more
2021/08/12 : Lawrence Abrams explains how "Orange Tsai at a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang ...Read more
2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more
2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay
"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more