This course focuses on the importance of Coordinated Vulnerability Disclosure (CVD) by providing insights from security researchers and organizations. The learning outcomes include understanding behaviors, preferences, and established practices related to vulnerability disclosure. The course teaches the skills of analyzing new research data on coordinated disclosure and highlights the evolution of CVD. The teaching method involves a presentation based on real-world examples and survey results. The intended audience for this course includes individuals with an understanding of vulnerability disclosure processes and policies.
Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby
Overview
Syllabus
Intro
The study
Disclosure without coordination
Timeline issue
Sentiment has changed
When CVD goes mainstream
Microsoft bug bounties
Facebook bug bounty
Hacking the Pentagon
What a Researchers Expect
Bug Bounty Botox
Open Source
Survey Results
Recommendations
Taught by
RSA Conference
Related Courses
-
See Something, Say Something? - The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government
-
From Coordinated Disclosure to Cooperative Vulnerability Research When Dealing with Critical Software Stacks
-
Green Sprouts - Encouraging Signs of Life from the Department of Defense's Security Strategy - Lisa Wiswell - USENIX Enigma Conference - 2017
-
Survey Says - Making Progress in the Vulnerability Disclosure Debate
-
To Bounty or Not to Bounty - Security@ Insights from 500 Organizations
-
An Oral History of Bug Bounty Programs
