2003/11/23 : "Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any...Read more
2001/10 : Scott Culp, who founded MSRC (Microsoft Security Response Center), wrote an influential paper, after a series of attacks (virus and worms) from Feb to September 2001. At this time, the irritation against hackers and full disclosures was already calm since months.
Culp...Read more
2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening.
"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more
2002/04/08 : Arne Vidstrom points a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.
This artifact is part of the Culp debate Bundle.Read more
2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.
"It appears that the free ride is over for software vendors."Read more
2004/01/13 : The National Infrastructure Advisory Concil published in January 2004 their Final report and recommendations on vulnerability disclosure.
"The NIAC reached consensus that the nation’s interests are advanced by a commitment by all stakeholders in...Read more
2010/07/20 : The Google authors give arguments to show why responsible disclosure is not always efficient. They propose to give a 60 days to the vendors to fix bugs disclosed before the vulnerabilities become public.Read more
2000/10/09 : "Effective October 9, 2000, the CERT Coordination Center will follow a new policy with respect to the disclosure of vulnerability information."
Here are the information on the CERT/CC Vulnerability Disclosure Policy.
This artefact is...Read more
1998-1999 : Birth of the anti-Sec movement.
"We are the Ant-Sec movement, and we are dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics."
This artifact is part of the ...Read more