Vulnerability disclosure means sharing information about weaknesses or flaws found in software, systems, or technology. It involves informing the responsible parties, such as companies or developers, about these vulnerabilities so they can fix them and make their products safer. It helps protect users from potential cyber threats and makes technology more secure.
"First State hadn't at that point had a clear vulnerability disclosure policy and hadn't built out the muscle, so to speak, of interacting with hackers on the Internet," says Casey Ellis, Bugcrowd's founder and, since fall, its chief technology officer.
To help identify and mitigate the next generation of Spectre and Meltdown speculative execution flaws in CPUs, Microsoft and Intel are offering researchers up to $250,000 if they share their discoveries as part of a coordinated vulnerability disclosure program.
The Chinese vulnerability disclosure program is lagging behind when it comes to publishing details about critical flaws and vulnerabilities exploited by Chinese-linked cyber-espionage groups.
He warned that speculative execution side-channel vulnerabilities "require an industry response" and said that Microsoft would share the research disclosed to it in the program under the coordinated vulnerability disclosure principles.
Intel said its embargo, which limited knowledge of the flaws to Google, Apple, Microsoft, and Arm, was in line with industry standards for vulnerability disclosure and incident response.
Back in 2016, after Google went public with a flaw that could allow an attacker to install a backdoor on Windows users' computers, Microsoft's Terry Myerson was so aggravated with Google that he wrote, "We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure."
The tech world may have to accept that vulnerability disclosure is not a panacea.
Gevers is also the chairman of the GDI Foundation, a non-profit organization that coordinates vulnerability disclosures and works to secure exposed devices.
Establish a vulnerability disclosure policy and bug bounty program.
In the meantime, those curious about all the little technical details behind the vulnerability disclosure can peruse the full report on Rashid's official blog here.
"While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures," the committee leaders wrote.
Each vulnerability disclosure, as with any disclosed by the Project Zero team, includes a proof-of-concept exploit.
"We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," a Microsoft spokesperson told VentureBeat.
Users and exchanges could not have done anything to protect themselves prior to the vulnerability disclosure.