Most software vendors already have mature processes in place for handling vulnerability disclosures, she said.
However, according to the X-Force report, vulnerabilities disclosed by independent researchers are twice as likely to have zero-day exploit code published, calling into question how researchers practice vulnerability disclosure and signifying the need for a new standard in the industry.
Sourcefire Inc (Nasdaq: FIRE), a provider of intrusion prevention, has announced that the Sourcefire Vulnerability Research Team (VRT) delivered rules that protected Sourcefire customers and Snort users for almost a month prior to the recent Microsoft vulnerability disclosure (Microsoft Security Bulletin MS07-061).
[E]ach stakeholder involved in vulnerability disclosure may adopt a differing view regarding the scope and type of role they are willing take [sic].
The Organization for Internet Safety, a loose consortium of software and security companies, yesterday published version one of its first version of vulnerability disclosure guidelines, and a six month timeline has been set for the next release.
It proposes that the government: set up a national cyberspace monitoring system, push more secure Internet security standards, create a reliable system for vulnerability disclosure, and improve cyber-security training.
Kaspersky Lab will finally also be offering up to USD 100,000 in increased bug bounty rewards to independent security researchers who detect vulnerabilities in company products through its Coordinated Vulnerability Disclosure programme by the end of 2017.
The action does not touch several critical areas, like the insecurity of 'internet of things' devices, data breaches or vulnerability disclosure.
A debate has been raging for at least the last 10 years concerning the rights and wrongs of vulnerability disclosure.
It became the topic of the day for security professionals recently when two giants of the industry, Microsoft and Google, had a public disagreement about how to handle disclosure after a Google researcher went public with a vulnerability only days after Microsoft were informed.
The busiest month in 2006 for vulnerability disclosure was June, while the busiest week was the week before Thanksgiving in November and the most popular day of the week to disclose vulnerabilities was Tuesday.