Disclosure Survey

Disclosure Survey
Federico Biancuzzi, 2006-09-05

Federico Biancuzzi surveys statements from some of the world's largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process. In three parts.

The Invisible Hand of 'Responsible Disclosure' 2006-09-06
Michael Sutton

While the survey does not lead to any unexpected conslusions, it is interesting nonetheless. I don't however understand why we spend so much time trying to define 'responsible disclosure'. Vendors and researchers do not agree on what it means and they never will.

Biancuzzi's survey inspired me to...

[ more ]