2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more
2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.
"It appears that the free ride is over for software vendors."Read more
2021/08/12 : "A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue."Read more
2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.
"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)
This artifact...Read more
2019/07/31 : Here is the Project Zero FAQ.
This artifact is part of the Google Project Zero Bundle.Read more
2001/10/18 : Leyden explains Culp essay.
This artifact is part of the Culp debate Bundle.Read more
Here is a presentation on objectives, the way of reporting and addressing vulnerabilities, security tools, and proposed organizational framework by OIS.
This artifact is part of the OIS Bundle.Read more
2010/07/20 : The Google authors give arguments to show why responsible disclosure is not always efficient. They propose to give a 60 days to the vendors to fix bugs disclosed before the vulnerabilities become public.Read more
2017/01/20 : Omar Santos writes about the new FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more
1999 : NMRC [Nomad Mobile Research Center] published a bug disclosure policy stating they would first verify the vulnerabilities they found, before notifying the vendor. The public will be informed one month after the vendor in case of a 'very high priority...Read more