vulnerability disclosure

Coordinated Vulnerability Disclosure: Bringing Balance to the Force (Microsoft)

2010/07/22 : "Today on the MSRC [Microsoft Security Response Center] blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated...

United Airlines bug bounty

2015 : United Airlines launched its bug bounty program.

PGP: Encryption Program Used by Edward Snowden 'Can Leak Secret Messages' (Newsweek article)

2018/05/14: Newsweek article about EFAIL disclosure.

This article is interesting as it makes the link between the EFAIL disclosure and the emblematic figure of digital rights activist Edward Snowden:

PGP, which is used to scramble the content of sensitive messages and

...

The realities of Disclosure : Morgenstern and Parker on Christey and Wysopal failure

2002/07/12 : Michael Morgenstern and Tom Parker point to the failure of Christey and Wysopal's willingness to put in place common measures for responsible disclosure.

"Unfortunately, Steve Christey and Chris Wysopal's RFC of February...

ISO/IEC 29147:2014

2014/02 : "ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure." (see : https...

Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts (blog post)

2019/07/30: Mohd Haji's blog post on one of his findings in PayPal. Explanation of the vulnerability he found and the steps he took.

EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)

2018/05/14: EFF statement regarding the newly disclosed vulnerabilities affecting PGP and S/MIME users.

Coordinated Vulnerability Disclosure: From Philosophy to Practice (Microsoft)

2011/04/19 : Microsoft publishes a paper on CVD to explain in more detail how it works.

"Today, we’re providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices – a CVD at Microsoft document, MSVR...

Ultimate guide to Vulnerability disclosure - 2021 (Bugcrowd)

2021/12 : "This report examines:
The strategic, legal, and social nuances associated with vulnerabilities discovered “in the wild”
...

The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities (on Security.txt)
Douglas Bonderud writes on Security.txt.
This artifact is part of the
...

iDEFENSE Labs Website Launch

2005/02/17 : iDEFENSE Labs announces the launch of their community site.

"This site will serve as our repository for sharing our research and development with the security community, including the release of free 
...
