By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.

Results of a NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.

In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD’s vulnerability disclosure program.

The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside.

Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.

Security and policy experts make another call for additional transparency around the government’s Vulnerabilities Equities Process and the zero days it has in its possession.

Google Project Zero announced a six-month Android bug bounty program that requires researchers to file bugs as they find them, rather than hoard the whole chain.