2010/07/20 : The Google authors give arguments to show why responsible disclosure is not always efficient. They propose to give a 60 days to the vendors to fix bugs disclosed before the vulnerabilities become public.Read more
2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more
2019/07/31 : Here is the Project Zero FAQ.
This artifact is part of the Google Project Zero Bundle.Read more
2018/12 : ENISA (European Union Agency for Cybersecurity) release its Economics of Vulnerability Disclosure Report.
"Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited....Read more
2005 : "Part One of this paper explains the current state of computer (in)security and sets forth three ways to restrict publications followed by the most common arguments for and against. It then illustrates the popularity of security publication restrictions with an ...Read more
2017/11/15 : "[T]he White House released a charter on the vulnerability equities policy outlining how the federal government will alert private companies to cybersecurity flaws or refrain for intelligence purposes." (...Read more
2001/10/18 : Leyden explains Culp essay.
This artifact is part of the Culp debate Bundle.Read more
2013/05/29 : Google agreed for 7-days to fix critical vulnerabilities.
"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...Read more
2018 : Atlantic Council release its comic It takes a village: How hacktivity can save your company.
"Sandra’s story aims to promote a better understanding of CVD practices among policymakers and business leaders, as well as address the misperception of CVD as a catch-all solution...Read more