vulnerability disclosure

Schneier - Crypto-Gram March 15, 2002

2002/03/15 : Schneier published his monthly newsletter.
Schneier gives this time a summary of the vulnerabilitiy disclosure actual issues.

"The history of the vulnerability's discovery and publication is an interesting story, and illustrates the...Read more

Verschlüsselte E-Mails sind nicht sicher (Süddeutsche article)

2018/05/14: Article on the EFAIL vulnerbilities concerning OpenPGP and S/MIME encrypted emailRead more

Remote print server gives anyone Windows admin privileges on a PC

2021/07/31 : Lawrence Abrams writes a paper about a new event of full disclosure.

"A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver."Read more

The realities of Disclosure : Morgenstern and Parker on Christey and Wysopal failure

2002/07/12 : Michael Morgenstern and Tom Parker point to the failure of Christey and Wysopal's willingness to put in place common measures for responsible disclosure.

"Unfortunately, Steve Christey and Chris Wysopol's RFC of February...Read more

Mozilla Bumps Bug Bounty to $3,000

2010/07/16 : "In an effort to enlist more help finding bugs in its most popular software, such as Firefox, Thunderbird and Firefox Mobile, Mozilla is jacking up the bounty it pays to researchers who report security flaws to $3,000."Read more

Sarah Jamie Lewis’s thread releasing vulnerability report in the Swiss Post e-voting system

Ranum Keynote Slides (Black Hat Conference 2000)

2000/07/26 : Here are the slides of Ranum keynote at the US Black Hat conference.

Between 1999 and the mid 2000s, Ranum developed his critique of full disclosure, and he presented it as the keynote speech of the US...Read more

Full Disclosure is a necessary evil - Elias Levy

2001/08/15 : Elias Levy continues the full disclosure debate.Read more

Silence the best security policy - Lemos on Ranum's keynote

2000/07/26 : Ranum beggan a big debate with his keynote speech of the US Black Hat conference in Las Vegas, in 2000. Robert Lemos is here commenting what happened.

This artifact is part of the Bundle ...Read more

How do we define Responsible Disclosure? - Shepherd

2003/04/22 : Stephen A. Shepherd define what is responsible disclosure and make a summary of vulnerability disclosure history at this stage.Read more

Whacked Mac collection CD (L0pht)

https://archive.org/details/WhackedMacCD
Google 7-days disclosure

2013/05/29 : Google agreed for 7-days to fix critical vulnerabilities. 

"Based on our experience, however, we believe that more urgent action -- within 7 days -- is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that...Read more

Subscribe to vulnerability disclosure
Need help with PECE?
Join the PECE Slack channel