2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...
2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :
"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...
2019/02/22: Scytl statement concerning rumors of Swiss Post leaked source code. This addresses the cases of unofficial diffusion of source code and unofficial criticism.
Spring 2020 : Here is Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...
2017/01/20 : Omar Santos writes about the new FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle...
2020/05/18 : Jessica Haworth writes on FIRST updates guidelines for multi-party vulnerability disclosure.
This artifact is part of the FIRST Vulnerability Disclosure Bundle.
2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.
"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)
This artifact...
2019/02: Swiss Post official terms of use, conditions and code of conduct for their e-voting bug bounty program.
2017/11/15 : Kieren McCarthy analyses the creation of the VEP (Vulnerability Equities Process).
"The United States government has published its new policy for publicly disclosing vulnerabilities and...