2000/10/09 : "Effective October 9, 2000, the CERT Coordination Center will follow a new policy with respect to the disclosure of vulnerability information."
Here are the information on the CERT/CC Vulnerability Disclosure Policy.
This artefact is...Read more
2017/11/15 : "[T]he White House released a charter for the administration’s once-shadowy Vulnerabilities Equities Process (VEP)." (see : https://www.lawfareblog.com/...Read more
2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.
"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more
2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...Read more
2017/11/15 : "[T]he White House released a charter on the vulnerability equities policy outlining how the federal government will alert private companies to cybersecurity flaws or refrain for intelligence purposes." (...Read more
Here is a presentation on objectives, the way of reporting and addressing vulnerabilities, security tools, and proposed organizational framework by OIS.
This artifact is part of the OIS Bundle.Read more
2018/12 : ENISA (European Union Agency for Cybersecurity) release its Economics of Vulnerability Disclosure Report.
"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited....Read more
2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening.
"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more