2016/06/04 : Ari Schwartz and Rob Knake from the Belfer Center for Science and International Affairs publishes this discussion paper analysing the VEP (Vulnerability Equities Policy and rocess) and offering it some improvements. Read more
2015/01/11 : Microsoft made a call for better coordinated vulnerability disclosure after that "Google has released information about a vulnerability in a Microsoft product, two days before [their] planned fix on [their] well known and coordinated Patch Tuesday cadence, despite [their]...Read more
2018/06/13: Blog post on the "SigSpoof". Marcus Brinkmann found this vulnerability that allows spoofing “signed” messages that are not actually signed. This post proves the vulnerability and shows the medias' reactionsRead more
2001/11/02 : On this paper, Thomas C. Greene expresses his opinion against Microsoft's way of handling vulnerability disclosure.
"We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its...Read more
2004/12 : Jeff Bollinger explains his point of view in the vulnerability disclosure debate.
"To effect the optimal result of 'greatest good', each player in the disclosure process must agree and co-ordinate to achieve the greatest return, and lowest damages." (p.14)
This artifact...Read more
2006/02/23 : Ericka Chickowski writes upon iDefense rewards and their way of working with enterprises and hackers.
This artifact is part of the iDefense Bundle...Read more
2013/06/19 : Microsoft decided to create new bounty program.
This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more
2018/05/14: Article on the EFAIL vulnerabilities concerning OpenPGP and S/MIME encrypted emailRead more