Microsoft

Coordinated Vulnerability Disclosure: Bringing Balance to the Force (Microsoft)

2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated...Read more

A Call for Better Coordinated Vulnerability Disclosure (Microsoft and Google Project Zero)

2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more

Security in an Open Electronic Society - Levy reaction on Culp essay

2001/10/21 : Levy gives his point of view on Culp essay : "It appears Culp is more comfortable with an 'information dictatorship' or 'information oligarchy' model, and has entirely missed the fact that the movie house ...Read more

Coordinated Vulnerability Disclosure: From Philosophy to Practice (Microsoft)

2011/04/19 : Microsoft publishes a paper on CVD to explain in more details how it is working.

"Today, we’re providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices – a CVD at Microsoft document, MSVR...Read more

Filling A Gap In the Vulnerability Market – First Bounty Notification (Microsoft)

2013/07/10 : Here is the Microsoft first Bounty Notification after they finally decide to launch their bug bounty.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

Back Orifice

Hacker Group Says Program Can Exploit Microsoft Security Hole (NY Times)
Schneier - Crypto-Gram August 15, 1999
How do we define Responsible Disclosure? - Shepherd

2003/04/22 : Stephen A. Shepherd define what is responsible disclosure and make a summary of vulnerability disclosure history at this stage.Read more

Exploit Code on Trial (Poulsen paper)

2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...Read more

Culp Debate

Culp - It's time to end information anarchy
A Step Towards Information Anarchy: A Call To Arms - hellNbak
Information Anarchy: The Blame Game? - Edwards reaction on Culp essay
Security in an Open Electronic Society - Levy reaction on Culp essay
Peace of Mind Through Integrity and Insight - Manzuik reaction on Culp essay
Keeping Security Issues in the Open - Davies reaction on Culp essay
NEOHAPSIS - LeBlanc reaction on Culp essay
Security woes: Who is to blame? - Culp interview
MS says stop discussing hack exploits - Leyden paper
ACM: Digital Library: Computers and Society - Bollinger paper
Full Disclosure of Vulnerabilities – pros/cons and fake arguments (Vidstrom paper)
Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue
Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more

L0pht

Hackers keep the heat on Windows NT security (L0pht)
L0pht testimony before the Congress (United States Senate Committee on Governmental Affairs)
L0pht Advisory: release of L0phtCrack for NT (Bugtraq archive)
Whacked Mac collection CD (L0pht)
Into the Breach - Ferdin
L0pht - Wikipedia
‘We Got to Be Cool About This‘: An Oral History of the L0pht (Part One - Fisher paper)
‘Microsoft Was Freaking Out‘: An Oral History of the LØpht -Part Two - Fisher Paper)
Thirty Minutes Or Less: An Oral History of the LØpht, Part Three
'Nothing's Going to Last Forever': An Oral History of the LØpht (Part Four- Fisher paper)

Microsoft Vulnerability Research Advisories

https://web.archive.org/web/20110425041124/http://www.microsoft.com/technet/secu…
Subscribe to Microsoft
Need help with PECE?
Join the PECE Slack channel