vulnerability disclosure

Security and IT Industry Leaders Form Organization for Internet Safety - Creation of OIS

2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...

Schneier - Crypto-gram January 15, 2000

2000/01/15 - Schneier Crypto-Gram newsletter :
nCipher publicly disclosed SSL private key vulnerabilities in order to sell its solution to the flaw. Schneier gives his opinion against this practice here.

This article is part of the...

MS says stop discussing hack exploits - Leyden paper

2001/10/18 : Leyden explains Culp's essay.

This artifact is part of the Culp debate Bundle.

Apple bug bounty

2016 : Apple launched its bug bounty program. The program was extended to Mac in 2019.

Toward the development of industry standards for security vulnerability handling - OIS objectives

This is a presentation by OIS on its objectives, the way of reporting and addressing vulnerabilities, security tools, and a proposed organizational framework.

This artifact is part of the OIS Bundle.

A Method for Web Security Policies draft-foudil-securitytxt-06 - Foudil and Shafranovich Draft

2019/04/08 : In this document, Foudil and Shafranovich "define a format ("security.txt") to help organizations describe the process for security researchers to follow in order to report security vulnerabilities."


VeriSign iDefense offers US$48,000 for Vista, Internet Explorer 7 vulnerabilities (Chickowski paper)

2007/01/12 : Ericka Chickowski writes about the new iDefense reward.
"VeriSign's iDefense Labs is offering a total of US$48,000 in awards for remotely exploitable vulnerabilities in the new Windows Vista operating system and Internet Explorer 7.0
...

'Nothing's Going to Last Forever': An Oral History of the LØpht (Part Four - Fisher paper)

2018/03/09 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the fourth part, talking about the end of LØpht.

Click here to read Part One...

Anti-Sec - We are going to terminate and - New Apache 0-day exploit uncovered

1998-1999 : Birth of the Anti-Sec movement.

"We are the Anti-Sec movement, and we are dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics."

This artifact is part of the ...

Rebooting Responsible Disclosure: a focus on protecting end users

2010/07/20 : The Google authors argue that responsible disclosure is not always efficient. They propose giving vendors 60 days to fix disclosed bugs before the vulnerabilities become public.

DOJ: Framework for a Vulnerability Disclosure Program for Online Systems

2017/07 : The U.S. Department of Justice created a Framework for a Vulnerability Disclosure Program for Online Systems.
