2000/02/15 : Schneier published his monthly newsletter.
He reflects on the vulnerability debate.
"My position has changed over time. I'd like to revisit it.
There are really two issues here, intertwined. If someone...Read more
2006/02/23 : Ericka Chickowski writes upon iDefense rewards and their way of working with enterprises and hackers.
This artifact is part of the iDefense Bundle...Read more
2010/07/20 : Dennis Fisher writes on the new adjustment of the price of Google bug rewards.
This artifact is part of the Google Vulnerability Report Bundle.Read more
2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp.
"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more
2010/01/29 : Dennis Fisher writes on the Google new program. It "will pay security researchers a $500 bounty for every security bug they find in Chromium, the open-source codebase behind the Google Chrome browser, as well as for bugs found in Chrome itself."
This...Read more
2004/09/01 : "This document provides a reference process embodying best practices associated with one such model, which is characterized by close collaboration in good faith between the person or organization who identifies a vulnerability and the person or organization responsible...Read more
2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure."
This artifact is part of the ...Read more
2011/04/19 : Microsoft reloaded its Coordinate Vulnerability Disclosure.
This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more
2006/02/10 : Here is the iDefense Press Release presenting their new Vulnerability Contributor Program (VCP).
This artifact is part of the iDefense Bundle. Read more
2011/04 : "This [Microsoft] document aims to clarify how Microsoft communicates the disclosure of vulnerabilities with industry peers, customers, and the research community in a coordinated way. Lastly, this documentexplains how to engage with Microsoft in coordinated...Read more
2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay
"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more
2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated...Read more