Vulnerability Disclosure

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

HackerOne’s 2018 Hacker-Powered Security Report showed that the average award for critical vulnerabilities has increased.

Patch Tuesday Returns; Microsoft Quiet on Postponement

Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month’s postponement of Patch Tuesday.

Policy Experts Push To Make Vulnerability Equities Process Law

By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.

Bug Hunters Prefer Communication Over Compensation

by Michael Mimoso

December 15, 2016

Results of a NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.

DoD Publishes Vulnerability Disclosure Policy

by Michael Mimoso

November 22, 2016

In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD’s vulnerability disclosure program.

Gang Up on the Problem, Not Each Other

by Katherine Carpenter

November 17, 2016

The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside.

Google Reveals Windows Kernel Zero Day Under Attack

by Michael Mimoso

October 31, 2016

Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.

Experts Want Transparency From Government’s Vulnerabilities Equities Process

by Michael Mimoso

September 20, 2016

Security and policy experts make another call for additional transparency around the government’s Vulnerabilities Equities Process and the zero days it has in its possession.

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

by Michael Mimoso

September 14, 2016

Google Project Zero announced a six-month Android bug bounty program that requires researchers to file bugs as they find them, rather than hoard the whole chain.

St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters

by Michael Mimoso

September 7, 2016

St. Jude Medical yesterday filed a lawsuit alleging that Muddy Waters and Med Sec made false claims and attempted to manipulate St. Jude stock.

The first stop for security news | Threatpost

Vulnerability Disclosure

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

Patch Tuesday Returns; Microsoft Quiet on Postponement

Policy Experts Push To Make Vulnerability Equities Process Law

Bug Hunters Prefer Communication Over Compensation

DoD Publishes Vulnerability Disclosure Policy

Gang Up on the Problem, Not Each Other

Google Reveals Windows Kernel Zero Day Under Attack

Experts Want Transparency From Government’s Vulnerabilities Equities Process

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters

Editor's Picks

ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’

Open MQTT Servers Raise Physical Threats in Smart Homes

Google Chrome Bug Opens Access to Private Facebook Information

Microsoft Cortana Flaw Allows Web Browsing on Locked PCs

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

The first stop for security news | Threatpost

Topics

Authors

Threatpost

Subscribe to our Threatpost Today newsletter

Vulnerability Disclosure

Editor's Picks

Subscribe to Threatpost Today

Subscribe to our newsletter, Threatpost Today!

The first stop for security news | Threatpost

Topics

Authors

Threatpost

**Subscribe to our Threatpost Today newsletter**