Security news that informs and inspires

Archive

5 results for tag Vulnerability Disclosure:

The Tightrope Walk of Vulnerability Disclosure Windows and Patch Adoption

Google Project Zero's recent tweaking of its vulnerability disclosure window reflects how researchers are taking into account patch adoption when mulling disclosure policies.

Vulnerability, Vulnerability Disclosure, Vulnerability Management, Google Project Zero

Majority of U.S. Government Agencies Have Launched VDPs

On the heels of a September mandate from CISA, 90 percent of cabinet-level agencies have now published a vulnerability-disclosure policy (VDP).

Government, Government Agencies, Vulnerability Disclosure, Vulnerability Management

CISA Seeks Comments on How Government Should Handle Vulnerability Reports

There is still time for security professionals in and out of government to weigh in on CISA's soon-to-be-released directive on how federal agencies should handle vulnerability reports.

Government, Vulnerability Disclosure

Disclose.io Offers Security Researchers Safe Harbor

Disclose.io provides a clear legal framework to protect organizations and researchers engaged in vulnerability disclosure programs. The goal is to protect those engaged in good-faith security research from legal action.

Vulnerability Disclosure, Bug Bounty, Bugcrowd

Vulnerability Disclosure Doesn’t Mean Scaring Users

The disclosure this week of several new vulnerabilities in AMD chips--without any technical details--has again raised concerns about the way some researchers choose to deal with vendors on vulnerability research.

Vulnerability Disclosure