vulnerability disclosure

‘Microsoft Was Freaking Out‘: An Oral History of the LØpht -Part Two - Fisher Paper)

2018/03/07 : Dennis Fisher gives us an Oral History of the LØpht in four parts. This is the second part, when L0pht began to be known. 

Click here to read Part One, Part Three and...Read more

The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities (on Security.txt)
2017/09/19 : Douglas Bonderud writes on Security.txt.
This artifact is part of the 
...Read more
Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create new bounty program.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

iDEFENSE Labs Website Launch

2005/02/17 : iDEFENSE Labs announces the launch of their community site.

"This site will serve as our repository for sharing our research and development with the security community, including the release of free ...Read more

Bugtraq archives

https://bugtraq.securityfocus.com/archive#0.2.1

Culp Debate

Culp - It's time to end information anarchy
A Step Towards Information Anarchy: A Call To Arms - hellNbak
Information Anarchy: The Blame Game? - Edwards reaction on Culp essay
Security in an Open Electronic Society - Levy reaction on Culp essay
Peace of Mind Through Integrity and Insight - Manzuik reaction on Culp essay
Keeping Security Issues in the Open - Davies reaction on Culp essay
NEOHAPSIS - LeBlanc reaction on Culp essay
Security woes: Who is to blame? - Culp interview
MS says stop discussing hack exploits - Leyden paper
ACM: Digital Library: Computers and Society - Bollinger paper
Full Disclosure of Vulnerabilities – pros/cons and fake arguments (Vidstrom paper)
Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue
A unified timeline of Efail PGP disclosure events

2018/05/16: Timeline of the Efail vulnerabilities disclosures to PGP vendors and usersRead more

"Ceci n’est pas une preuve : The use of trapdoor commitments in Bayer-Groth proofs and the implications for the verifiabilty of the Scytl-SwissPost Internet voting system"

2019/03/12: Report of researchers who found a vulnerability in the SwissPost e-voting shuffle. The trapdoor commitment scheme allows an undetectable vote manipulation. Two examples are shown in the report

Brief Summary hereRead more

Whacked Mac collection CD (L0pht)

https://archive.org/details/WhackedMacCD
US Vulnerabilities Equities Process (Fact Sheet)

2017/11/15 : "[T]he White House released a charter for the administration’s once-shadowy Vulnerabilities Equities Process (VEP)." (see : https://www.lawfareblog.com/...Read more

Fortinet slams Rapid7 for disclosing vulnerability before end of their 90-day window

2021/08/12 : "A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue."Read more

It's time to be responsible (Morgenstern, Parker and Hardy paper)

2002/03/01 : Michael Morgenstern, Tom Parker and Scott Hardy write about vulnerability disclosure debate occuring since one year. They assume "it's time to be responsible".

"Over the last 12 months various computer-using groups have been intensely debating the...Read more

Subscribe to vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel