Overview
This course focuses on the importance of Coordinated Vulnerability Disclosure (CVD) by providing insights from security researchers and organizations. The learning outcomes include understanding behaviors, preferences, and established practices related to vulnerability disclosure. The course teaches the skills of analyzing new research data on coordinated disclosure and highlights the evolution of CVD. The teaching method involves a presentation based on real-world examples and survey results. The intended audience for this course includes individuals with an understanding of vulnerability disclosure processes and policies.
Syllabus
Intro
The study
Disclosure without coordination
Timeline issue
Sentiment has changed
When CVD goes mainstream
Microsoft bug bounties
Facebook bug bounty
Hacking the Pentagon
What a Researchers Expect
Bug Bounty Botox
Open Source
Survey Results
Recommendations
Taught by
RSA Conference