vulnerability disclosure

HackerOne bug bounty

2012 : HackerOne launched its bug bounty program.Read more
Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt

2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :

"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...Read more

Full Disclosure mailing list - Archives

https://seclists.org/fulldisclosure/
Full Disclosure is a necessary evil - Elias Levy

2001/08/15 : Elias Levy continues the full disclosure debate.Read more

The hacker always rings twice

Vulnerability Disclosure FAQ (Project Zero)

2019/07/31 : Here is the Project Zero FAQ. 

This artifact is part of the Google Project Zero Bundle.Read more

Deconstructing the myths behind the full-disclosure debate (Shepherd paper)

2003/01/22 : Stephen A. Shepherd published in SANS a paper which had a big influence on vulnerability disclosure discussion. He defines responsible disclosure and recalls the key events on vulnerability disclosure debate. Read more

Government's Role in Vulnerability Disclosure (Harvard - Belfer Center)

2016/06/04 : Ari Schwartz and Rob Knake from the Belfer Center for Science and International Affairs publishes this discussion paper analysing the VEP (Vulnerability Equities Policy and rocess) and offering it some improvements. Read more

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

EFAIL bundle

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)
PGP und S/MIME abschalten (Golem article)
Major eFail Vulnerability Exposes PGP Encrypted Email -- UPDATED (Forbes article)
Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)
Efail or OpenPGP is safer than S/MIME (W. Koch email)
#EFail - the security industry and the importance of nuance (HackDefense article)
Encrypted Email Has a Major, Divisive Flaw (Wired article)
S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register article)
PGP und S/MIME: E-Mail-Verschlüsselung akut angreifbar (Heise Security article)
No, PGP is not broken, not even with the Efail vulnerabilities (Protonmail)
A unified timeline of Efail PGP disclosure events
Efail: What A Disclosure FAIL That Was! (RBS article)
Statement on Efail research (Gpg4win)
Email Is Dangerous (The Atlantic article)
efail: Outdated Crypto Standards are to blame (Hanno's blog)
Die wichtigsten Fakten zu Efail (Golem article)
What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)
How To Turn PGP Back On As Safely As Possible (EFF article)
HTML MAils have no Security Concept and are to blame (Hanno's blog)
Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)
Encryption? This time it'll be usable, Thunderbird promises (The Register article)
Sebastian Schinzel Tweet about EFAIL vunlerability
iDefense Press Release 2006/02/10

2006/02/10 : Here is the iDefense Press Release presenting their new Vulnerability Contributor Program (VCP).

This artifact is part of the iDefense BundleRead more

Motives of Code Red Bug Hunters Questioned (PC World paper)

2001/09/07 : Kim Zetter explains how full disclosure debate starts again with the "Code Red's astonishing success".Read more

Subscribe to vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel