2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...
2000/07/26 : Ranum began a big debate with his keynote speech at the US Black Hat conference in Las Vegas in 2000. Here, Robert Lemos comments on what happened.
This artifact is part of the Bundle ...
Spring 2020 : Here is Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...
2004/01/13 : The National Infrastructure Advisory Council published its final report and recommendations on vulnerability disclosure in January 2004.
"The NIAC reached consensus that the nation’s interests are advanced by a commitment by all stakeholders in...
2008/08 : Microsoft creates the Microsoft Vulnerability Research Program (MSVR).
Here is the Anti-sec policy described by one of the members of the movement.
This artifact is part of the Anti-Sec movement Bundle.
2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...
2002/03/15 : Schneier published his monthly newsletter.
This time, Schneier gives a summary of the current vulnerability disclosure issues.
"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the...
2003/01/22 : Stephen A. Shepherd published a paper in SANS which had a big influence on the vulnerability disclosure discussion. He defines responsible disclosure and recalls the key events of the vulnerability disclosure debate.
2016/01/18 : ENISA (European Union Agency for Cybersecurity) publishes its Good Practice Guide on Vulnerability Disclosure.
2002/07/12 : Michael Morgenstern and Tom Parker point to the failure of Christey and Wysopal's effort to put in place common measures for responsible disclosure.
"Unfortunately, Steve Christey and Chris Wysopol's RFC of February...