vulnerability disclosure

Microsoft Exchange servers are getting hacked via ProxyShell exploits

2021/08/12 : Lawrence Abrams explains how "Orange Tsai at a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang ...Read more

A Step Towards Information Anarchy: A Call To Arms - hellNbak

2001 : Hellnbak proposes to enter the war against Culp's idea to "end information anarchy". Regarding to him, security should not be a question of calm business but more about safe and well-informed public.

This artifact is part of the ...Read more

Anti-hacking method of full disclosure under attack from a part of the security industry - McClure and Scambray

2000 : The authors explain their view pro full disclosure and its aim of educating people. They add their opinion on the bad sides of full disclosure.
"The only rational solution is to make the script kiddies responsible for their actions, as we do with all criminals...Read more

EFF : Attention PGP Users New Vulnerabilities Require You To Take Action Now (EFF article)

2018/05/14: EFF statement regarding the newly disclosed vulnerabilities affecting PGP and S/MIME usersRead more

Ballot box not hacked, errors in the source code – Swiss Post temporarily suspends its e-voting system

2019/03/29 : Swiss Post official press release on their decision to put on hold their e-voting system due to the recent disclosure of vulnerabilities in their source code. Followed by facts and figures on the public intrusion test on the e-voting system.Read more

Sebastian Schinzel Tweet about EFAIL vunlerability

Silence the best security policy - Lemos on Ranum's keynote

2000/07/26 : Ranum beggan a big debate with his keynote speech of the US Black Hat conference in Las Vegas, in 2000. Robert Lemos is here commenting what happened.

This artifact is part of the Bundle ...Read more

OWASP Top 10 - 2017

2017 : The Open Web Application Security Project (OWASP) publish their list upon the Ten Most Critical Web Application Security Risks.Read more

Quarterly Vulnerability Challenge (iDefense Labs)

2006/10 : "iDefense Labs is [...] announce the launch of the next installment in [their] quarterly vulnerability challenge. For the 4th quarter, [they choosed to] focus on instant messaging (IM) based vulnerabilities."

This artifact is part...Read more

Google Vulnerability Report

Google Security Reward - 2015 Year in Review
Google to Pay For Bugs Found in Chromium (Threat post)
Google Ups the Bug Bounty Ante to $3133.7 (Threat post)
Google Open Source Vulnerabilities (OSV)
Security and IT Industry Leaders Form Organization for Internet Safety - Creation of OIS

2002/09/26 : "OIS [The Organization for Internet Safety] was formed to make it easier for security researchers and vendors to work together to fix security vulnerabilities. Today, there are no agreed-upon processes for handling security vulnerabilities." (see : ...Read more

History of CVE

https://www.cve.org/About/History
Subscribe to vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel