vulnerability disclosure

Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green's thoughts on the EFAIL vulnerabilities disclosure, its handling and the future of PGP.

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext (TheHackerNews article)

2018/05/14: Article on the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted email.

CERT Guide to Coordinated Vulnerability Disclosure announcement

2017/08/15 : Publication of the CERT Guide.

"The guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful CVD process. It also provides insights into how CVD can go awry and how to respond when it does so...

Intigriti bug bounty

2017 : Intigriti launched its bug bounty program.

Researchers Find Critical Backdoor in Swiss Online Voting System (Motherboard article)

2019/03/12: Motherboard article about criticism of the Swiss Post e-voting system.

Vulnerability Disclosure FAQ (Project Zero)

2019/07/31 : Here is the Project Zero FAQ. 

This artifact is part of the Google Project Zero Bundle.

Vulnerabilities Equities Policy and Process for the United States Government

2017/11/15 : "[T]he White House released a charter on the vulnerability equities policy outlining how the federal government will alert private companies to cybersecurity flaws or refrain for intelligence purposes." (...

Guide for how to handle vulnerability reports (on ISO/IEC 29147:2014)

2016/04/18 : Juha Saarinen writes on the document published by International Standards Organisation and International Electrotechnical Commission. This document "helps organisations handle responsible...

iDEFENSE Labs Website Launch

2005/02/17 : iDEFENSE Labs announces the launch of their community site.

"This site will serve as our repository for sharing our research and development with the security community, including the release of free ...

Microsoft Says No to Paying Bug Bounties (Fisher paper)

2010/07/22 : "Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products."

This artifact is part of the ...
