Disclosure Survey
Federico Biancuzzi, 2006-09-05

Federico Biancuzzi surveys statements from some of the world's largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process. In three parts.

Disclosure Survey 2006-09-05
LonerVamp (1 replies)
Re: Disclosure Survey 2006-09-05
Matthew Murphy
Disclosure survey 2006-09-05
Todd Knarr
The Invisible Hand of 'Responsible Disclosure' 2006-09-06
Michael Sutton
While the survey does not lead to any unexpected conclusions, it is interesting nonetheless. I don't, however, understand why we spend so much time trying to define 'responsible disclosure'. Vendors and researchers do not agree on what it means and they never will.

Biancuzzi's survey inspired me to write a blog on my thoughts on the state of vulnerability disclosure in the security industry. That post can be found at the following link:
http://portal.spidynamics.com/blogs/msutton/archive/2006/09/06/The-Invisible-Hand-of-_2700_Responsible-Disclosure_2700_.aspx








 
