Casey Ellis, founder, chairman and CTO of Bugcrowd, discusses the future of vulnerability disclosure programs.
Casey Ellis joins Lindsey O'Donnell-Welch to discuss the evolution, adoption and standardization of vulnerability disclosure programs - both in the U.S. and across the globe.
Google Project Zero's recent tweaking of its vulnerability disclosure window reflects how researchers are taking into account patch adoption when mulling disclosure policies.
On the heels of a September mandate from CISA, 90 percent of cabinet-level agencies have now published a vulnerability-disclosure policy (VDP).
There is still time for security professionals in and out of government to weigh in on CISA's soon-to-be-released directive on how federal agencies should handle vulnerability reports.