2021/03/08 : Survey and statistics of the ethical hacker community for 2021.
This artifact is part of the HackerOne Reports and Guidelines Bundle.
2000/07/15 : Bruce Schneier publishes his monthly Crypto-Gram, talking about the full disclosure the CIA just faced and Counterpane Internet Security News, among other things.
This artifact is part of the ...
2004/01/13 : The National Infrastructure Advisory Council published its final report and recommendations on vulnerability disclosure in January 2004.
"The NIAC reached consensus that the nation’s interests are advanced by a commitment by all stakeholders in...
2019/03/25: Public vulnerability report on the SwissPost e-voting system, with an explanation and proof of the vulnerability. This is the second report showing vulnerabilities in this e-voting system by the security research team of Sarah Jamie Lewis, Vanessa Teague, and Olivier Pereira.
2002/02/28 : Steven M. Bellovin and Randy Bush show the utility of obscurity and open discussions on vulnerabilities.
2006 : "The purpose of this paper is to look at economic vulnerability models that exist in the market today and analyze how they affect vendors, end users and vulnerability researchers." (Nagle and Sutton, p.2)
2000/07/26 : Slides of Ranum's keynote at the US Black Hat conference.
Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...
2001/01 : Heiser gives his critique of full disclosure.
"The concept of full disclosure is, indeed, ambiguous, serving as a politically correct shield behind which all manner of self-serving behavior can be justified." (p. 2)
2021/09/24 (in Ars Technica) : Ethical hackers are fed up with the inefficiency of Apple's bug bounty program. This is how three iOS 0-days were revealed by a frustrated researcher. Jim Salter explains the situation.
This artifact is part of the ...