And like many highly charged issues, the debate comes with high stakes. Publicly disclose a vulnerability, and risk the outbreak of a widespread zero-day attack. Reveal it in private, and risk the ...
Responsible disclosure is built on an assumption that “doing the right thing” will be met with timely action, fair treatment, and professional respect, if not a bounty award. Increasingly, that ...
The debate on what constitutes responsible disclosure has been running for some 20 years, with no end in sight. It’s not difficult to see why, with passionate researchers always on the hunt for bugs, ...
The debate in the security community about disclosure shows no signs of abating. This article explores both sides of the argument and puts forward suggestions for organizations looking to improve ...
Google's security team on Tuesday asked the computer security community to reconsider the meaning of responsible disclosure and to adopt a more rigorous approach in order to respond more quickly to ...
Bugcrowd is continuing its open-source approach to vulnerabilities with a guide for companies looking to set up their own responsible disclosure programs. True to its name, Bugcrowd looks to ...
Today at Black Hat in Las Vegas, Gorenc told Infosecurity that to date this year, 200 vulnerabilities have been discovered, purchased and patched through the HP ZDI bounty program. A further 120 have ...
A few weeks ago, I wrote about a Windows kernel vulnerability that was reported to Microsoft on October 22, 2004 and remained unpatched for more than two years. This is a bug I've been following ...
We all know the importance of identifying and managing vulnerabilities in our systems, as well as patching them as soon as we can, taking into account the need to test critical system patches before ...