2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure."
This artifact is part of the ...
2015/02/13 : "Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a...
2002/07/12 : Michael Morgenstern and Tom Parker point to the failure of Christey and Wysopal's willingness to put in place common measures for responsible disclosure.
"Unfortunately, Steve Christey and Chris Wysopal's RFC of February...
2000/02/15 : Schneier published his monthly newsletter.
He reflects on the vulnerability debate.
"My position has changed over time. I'd like to revisit it.
There are really two issues here, intertwined. If someone...
2006 : "The purpose of this paper is to look at economic vulnerability models that exist in the market today and analyze how they affect vendors, end users and vulnerability researchers." (Nagle and Sutton, p.2)
2013/05/29 : Google agreed on a 7-day window to fix critical vulnerabilities.
"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...
2010/01/29 : Dennis Fisher writes about Google's new program. It "will pay security researchers a $500 bounty for every security bug they find in Chromium, the open-source codebase behind the Google Chrome browser, as well as for bugs found in Chrome itself."
This...
2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.
"It appears that the free ride is over for software vendors."