5 Principles to Vulnerability Disclosure

What is the best time for a vendor to Disclose a Vulnerability? Vulnerability disclosure is the most painful activity for any software/hardware company. Conversely, receiving vulnerability notifications from any vendor is one of the most disruptive events any organization can encounter. Rapid and unexpected vulnerability patches are a massive operational disruption. What follows are some Read More

Is the “Full Disclosure” vs “Non-Disclosure” Debate Dead? NOT

I was watching Matthew Watchinski walk through the events and activities behind our Adobe vulnerability this past Feb (see US CERT’s “Adobe Acrobat and Reader Vulnerability TA09-051A“). What struck me about Matt’s talk is a statement he made near the end: “… Full Disclosure vs Non-Disclosure debate is dead. I learned this because my E-mail Read More