2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay
"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more
2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more
2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more
2011/04/19 : Microsoft reloaded its Coordinate Vulnerability Disclosure.
This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more
2001/11/02 : On this paper, Thomas C. Greene expresses his opinion against Microsoft's way of handling vulnerability disclosure.
"We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its...Read more
2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening.
"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more
2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.
"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more
2013/07/10 : Here is the Microsoft first Bounty Notification after they finally decide to launch their bug bounty.
This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more
1997 : L0pht, "a group of sophisticated hackers has stepped up the assault on the security of Microsoft's Windows NT operating system."
The group began then negotiating with Microsoft and other companies. They agreed to notice them a month before the...Read more
2001/11/08 : Robert Lemos interviewed Scott Culp for CNET News.
"The essay is not calling for people to refrain from looking for security vulnerabilities, to stop reporting them to the vendors, to stop telling customers about them. We don't want to change any of that. The only thing that...Read more
2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp.
"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more