vulnerability disclosure policy

The four problems with the US government's latest rulebook on security bug disclosures (The Register)

2017/11/15 :  Kieren McCarthy analyses the creation of the VEP (Vulnerability Equities Process). 

"The United States government has published its new policy for publicly disclosing vulnerabilities and...Read more

Security and IT Industry Leaders Form Organization for Internet Safety - Creation of OIS

2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...Read more

Responsible Vulnerability Disclosure Process - draft-christey-wysopal-vuln-disclosure-00.txt

2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :

"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...Read more

Statement on recent comments regarding the source code publication of the Swiss e-voting system

2019/02/22: Scytl statement concerning rumors of Swiss Post leaked source code. This addresses the cases of unofficial diffusion of source code and unofficial criticsRead more

FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure Version 1.1 2020

Spring 2020 : Here is the Version 1.1 of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure. 

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

Guidelines and Practices for Multi-Party Vulnerability Coordination Open to Review (on FIRST Guidelines)

2017/01/20 : Omar Santos writes about the new FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.

This artifact is part of the FIRST Vulnerability Disclosure Bundle...Read more

FIRST updates guidelines for multi-party vulnerability disclosure (Haworth Paper)

2020/05/18 : Jessica Haworth writes on FIRST updates guidelines for multi-party vulnerability disclosure.

This artifact is part of the FIRST Vulnerability Disclosure Bundle.Read more

ACM: Digital Library: Computers and Society - Bollinger paper

2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.

"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)

This artifact...Read more

Swiss Post terms, conditions and code of conduct Public Intrusion Test (PIT)

2019/02: Swiss Post official terms of use, conditions and code of conduct for their e-voting bug bounty programRead more

Subscribe to vulnerability disclosure policy