Here is a presentation on objectives, the way of reporting and addressing vulnerabilities, security tools, and proposed organizational framework by OIS.
This artifact is part of the OIS Bundle.Read more
Spring 2020 : Here is the Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more
2004/01/13 : The National Infrastructure Advisory Concil published in January 2004 their Final report and recommendations on vulnerability disclosure.
"The NIAC reached consensus that the nation’s interests are advanced by a commitment by all stakeholders in...Read more
2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more
2010/07/20 : The Google authors give arguments to show why responsible disclosure is not always efficient. They propose to give a 60 days to the vendors to fix bugs disclosed before the vulnerabilities become public.Read more
2000/07/26 : Ranum beggan a big debate with his keynote speech of the US Black Hat conference in Las Vegas, in 2000. Here is Weld Pond answer to it.
This artifact is part of the Bundle...Read more
2001/09/28 : Here is a Rain Forest Puppy interview done by Kim Zetter about the RFPolicy.
In June 2000, the hacker Rain Forest Puppy published his RFPolicy. The policy is known as the first attempt to formalize the complex issue of disclosure to the vendor or maintainer....Read more
2001 : "A group of black-hat hackers, in a campaign called "Project Mayhem," have declared war on white-hat hackers who've gone to work for security firms."
The 'Project Mayhem' is the battle declaration of full-disclosure against anti-sec.Read more
2002/04/08 : Arne Vidstrom points a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.
This artifact is part of the Culp debate Bundle.Read more
2018/05/16: Article criticizing the handling of the EFAIL vulnerabilities disclosureRead more