The Security Pro's Guide To Responsible Vulnerability Disclosure

Jul 08, 2013

Since the early days of "ethical hacking" and vulnerability research, researchers have followed a time-honored set of rules and traditions for revealing the vulnerabilities they discover in a way that gives attackers as small a window as possible to exploit security holes in systems and software. With the advent of "bug bounties" and competing offers from cybercriminals and government agencies, however, a newly discovered vulnerability commands a higher price today than ever before.

Technology providers are responding to vulnerabilities faster and more openly than ever, which puts an increasing burden on enterprise IT professionals to respond in kind. That requires increased vigilance, not to mention adequate resources to deal with vulnerabilities as they are disclosed.

This Dark Reading report lays out the new vulnerability reporting and remediation "rules" and provides context around the changing relationship among security researchers, black-hat hackers, technology providers and enterprise IT professionals. (S7170713)



Research Report