vulnerability disclosure

Security and IT Industry Leaders Form Organization for Internet Safety - Creation of OIS

2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...

Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft creates the Microsoft Vulnerability Research Program (MSVR).

What SATAN is

1995 : The program SATAN (Security Administrator Tool for Analysing Networks) was written to scan a Unix host on a network and then issue a report about known security vulnerabilities as well as possible fixes. It was the first vulnerability scanning program which...

Texas Voting Machines Have Been ‘a Known Problem’ for a Decade

Motherboard article about Texas voting machines that do not function but are still being used. Note: the first page of the PDF document is to be ignored.

CERT to disclose software flaws - Lemos paper

2000/10/09 : Lemos gives his point of view on the vulnerability disclosure debate.
"While Ranum is well-known in the industry for his black-and-white views on disclosure, most security professionals fall into a grey area."


This artefact is part of...

Interview with Elias Levy (Bugtraq)

2000/10 : Interview with Elias Levy (Bugtraq). He explains his opinion on full disclosure.

"Corporations only purpose is to generate money. Software vendors will only "take security seriously" when their customers do. Until then they have no incentive to...

Böck - Der ungeklärte Btx-Hack

2014/11/18 in Golem.de : Hanno Böck writes on the BTX-Hack. 

1984 : Two members of the Chaos Computer Club (CCC) hacked BTX, stealing 135 000 Marks. They wanted to prove that the online service BTX, which had been in existence for a year at the time, was not sufficiently...

Government's Role in Vulnerability Disclosure (Harvard - Belfer Center)

2016/06/04 : Ari Schwartz and Rob Knake from the Belfer Center for Science and International Affairs publish this discussion paper analysing the VEP (Vulnerability Equities Policy and Process) and proposing some improvements to it.

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats (The Register Comments section)

2018/05/14: Comments section under the article of The Register "S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats"

CERT/CC Overview

2000/10 : CERT/CC is committed to a responsible policy. All vulnerabilities reported to the CERT/CC will be disclosed to the public 45 days after the initial report, regardless of the existence or availability of patches or workarounds from affected vendors.

This artefact is part of ...

Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create new bounty programs.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.
