vulnerability disclosure

HackerOne bug bounty

2012 : HackerOne launched its bug bounty program.

Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt

2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :

"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...

Full Disclosure is a necessary evil - Elias Levy

2001/08/15 : Elias Levy continues the full disclosure debate.

Vulnerability Disclosure FAQ (Project Zero)

2019/07/31 : Here is the Project Zero FAQ.

This artifact is part of the Google Project Zero Bundle.

Deconstructing the myths behind the full-disclosure debate (Shepherd paper)

2003/01/22 : Stephen A. Shepherd published a paper in SANS that had a big influence on the vulnerability disclosure discussion. He defines responsible disclosure and recalls the key events in the vulnerability disclosure debate.

Government's Role in Vulnerability Disclosure (Harvard - Belfer Center)

2016/06/04 : Ari Schwartz and Rob Knake from the Belfer Center for Science and International Affairs publish this discussion paper analysing the VEP (Vulnerability Equities Policy and Process) and offering some improvements to it.

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14 : Article on the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted email.

EFAIL bundle

iDefense Press Release 2006/02/10

2006/02/10 : Here is the iDefense Press Release presenting their new Vulnerability Contributor Program (VCP).

This artifact is part of the iDefense Bundle.

Motives of Code Red Bug Hunters Questioned (PC World paper)

2001/09/07 : Kim Zetter explains how the full disclosure debate starts again with "Code Red's astonishing success".
