2018/05/17: Matthew Green thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGPRead more
2002/03/11 : Rasch analyses Christey and Wysopal IETF Draft.
"The report articulates what many in the security industry have considered to be a reasonable method of reporting security vulnerabilities." (p.1)
This artifact is part of the...Read more
2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...Read more
2007/05/08 : Here is a Rain Forest Puppy interview done by Antonio Parata.
In June 2000, the hacker Rain Forest Puppy published his RFPolicy. The policy is known as the first attempt to formalize the complex issue of disclosure to the vendor or maintainer.
This...Read more
2017/01/20 : Omar Santos writes about the new FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more
Spring 2020 : Here is the Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more
Here is a presentation on objectives, the way of reporting and addressing vulnerabilities, security tools, and proposed organizational framework by OIS.
This artifact is part of the OIS Bundle.Read more
2001/09/28 : Here is a Rain Forest Puppy interview done by Kim Zetter about the RFPolicy.
In June 2000, the hacker Rain Forest Puppy published his RFPolicy. The policy is known as the first attempt to formalize the complex issue of disclosure to the vendor or maintainer....Read more
2018/05/24: Article on EFAIL vulnerability, email vulnerabilities and the patching of those vulnerabilities. It questions the safety of emails in generalRead more
2003/01/22 : Stephen A. Shepherd published in SANS a paper which had a big influence on vulnerability disclosure discussion. He defines responsible disclosure and recalls the key events on vulnerability disclosure debate. Read more
2002/04/08 : Arne Vidstrom points a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.
This artifact is part of the Culp debate Bundle.Read more