2008/08 : Microsoft creates the Microsoft Vulnerability Research Program (MSVR).
2001/11/09 : One month after Culp's article, the future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening.
"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...
2019/07/31 : Here is the Project Zero FAQ.
This artifact is part of the Google Project Zero Bundle.
2002/02 : IETF Draft by Steve Christey from MITRE and Chris Wysopal :
"During the process of disclosure, many vendors, security researchers, and other parties follow a variety of unwritten or informal guidelines for how they interact and share information. Some parties may be unaware of...
2009/03/23 : Dennis Fisher highlights the end of free vulnerability disclosure.
"It appears that the free ride is over for software vendors."
2018/12 : ENISA (European Union Agency for Cybersecurity) releases its Economics of Vulnerability Disclosure Report.
"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited....
2002/03/11 : Rasch analyses the Christey and Wysopal IETF Draft.
"The report articulates what many in the security industry have considered to be a reasonable method of reporting security vulnerabilities." (p.1)
This artifact is part of the...
2019/02 : Swiss Post's official terms of use, conditions and code of conduct for their e-voting bug bounty program.
2004/09/01 : "This document provides a reference process embodying best practices associated with one such model, which is characterized by close collaboration in good faith between the person or organization who identifies a vulnerability and the person or organization responsible...
2002/04/08 : Arne Vidstrom presents a list of the pros, cons and fake arguments on full disclosure of vulnerabilities.
This artifact is part of the Culp debate Bundle.