2013/05/29 : Google agreed for 7-days to fix critical vulnerabilities.
"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...Read more
2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.
"It appears that the free ride is over for software vendors."Read more
1999/11 : Marcus Ranum and Jeremy Rausch wrote both on this special issue on Security. Did Jeremy Rausch wrote to respond to Ranum’s article? The two article side-by-bside seems an editorial choice, was it an order of the journal ?
Between 1999...Read more
2004/09/01 : "This document provides a reference process embodying best practices associated with one such model, which is characterized by close collaboration in good faith between the person or organization who identifies a vulnerability and the person or organization responsible...Read more
2002/05/16-17 : Workshop on Economics and Information Security (WEIS) took place at the Berkeley university. Researchers met to work on the question of "Do we spend enough [or too much] on keeping `hackers' out of our computer systems?". They speak of possible coordinated disclosure...Read more
2021/04/15 : This Policy and Disclosure 2021 Edition shows what modifications Projet Zero have done for 2021 and why, regarding vulnerability disclosure policies and their consequences for users, vendors, fellow security researchers, and software security norms...Read more
2001/10/23 : Edwards analyses Culp essay on information anarchy.
"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...Read more
2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...Read more
2002/03/01 : Michael Morgenstern, Tom Parker and Scott Hardy write about vulnerability disclosure debate occuring since one year. They assume "it's time to be responsible".
"Over the last 12 months various computer-using groups have been intensely debating the...Read more
2002/03/11 : Rasch analyses Christey and Wysopal IETF Draft.
"The report articulates what many in the security industry have considered to be a reasonable method of reporting security vulnerabilities." (p.1)
This artifact is part of the...Read more
2019/02/22: Scytl statement concerning rumors of Swiss Post leaked source code. This addresses the cases of unofficial diffusion of source code and unofficial criticsRead more