vendor-researcher relationship

Coordinated Vulnerability Disclosure: From Philosophy to Practice (Microsoft)

2011/04/19 : Microsoft publishes a paper on CVD to explain in more detail how it works.

"Today, we’re providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices – a CVD at Microsoft document, MSVR...

Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt

2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :

"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...

NEOHAPSIS - LeBlanc reaction on Culp essay

2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defends Culp.

"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...

Google Ups the Bug Bounty Ante to $3133.7 (Threatpost)

2010/07/20 : Dennis Fisher writes about the new adjustment to the amounts of Google's bug rewards.

This artifact is part of the Google Vulnerability Report Bundle.

Coordinated Vulnerability Disclosure at Microsoft

2011/04 : "This [Microsoft] document aims to clarify how Microsoft communicates the disclosure of vulnerabilities with industry peers, customers, and the research community in a coordinated way. Lastly, this document explains how to engage with Microsoft in coordinated...

Announcing Coordinated Vulnerability Disclosure (Microsoft)

2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure."

This artifact is part of the ...

Google Security Reward - 2015 Year in Review

2010/01 : Google launches its Vulnerability Report Program, which gives financial bounties to security researchers who find bugs.

"[B]ecause rewarding security researchers for their hard work benefits everyone. These financial rewards help make our services, and the web as a whole,...

HP, Bug-Hunters Declare Truce (PC World paper)

2002/08/09 : Kim Zetter writes about the story behind SnoSoft's pitch, the extortion charges, and the DMCA threat.


Fortinet slams Rapid7 for disclosing vulnerability before end of their 90-day window

2021/08/12 : "A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue."
