2002/03/15 : Schneier published his monthly newsletter.
Schneier gives this time a summary of the vulnerabilitiy disclosure actual issues.
"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the...Read more
2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay
"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more
2004/01/13 : The National Infrastructure Advisory Concil published in January 2004 their Final report and recommendations on vulnerability disclosure.
"The NIAC reached consensus that the nation’s interests are advanced by a commitment by all stakeholders in...Read more
2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...Read more
2006/02/23 : Ericka Chickowski writes upon iDefense rewards and their way of working with enterprises and hackers.
This artifact is part of the iDefense Bundle...Read more
2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.
"It appears that the free ride is over for software vendors."Read more
2015/02/13 : "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a...Read more
2011/04/19 : Microsoft reloaded its Coordinate Vulnerability Disclosure.
This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more
2002/03/11 : Rasch analyses Christey and Wysopal IETF Draft.
"The report articulates what many in the security industry have considered to be a reasonable method of reporting security vulnerabilities." (p.1)
This artifact is part of the...Read more
2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...Read more