Tag: responsible disclosure

Responsible madness?

The debate on responsible disclosure is about as old as IT security itself. In a guest post for Virus Bulletin Robert Neumann suggests we need to reconsider a one-size-fits-all solution and instead look for a well-respected independent organization to handle security issues. (All views expressed in this article are the author’s own and do not…

October 22, 2019
Paper: All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

The rise of bug bounties in recent years has created an incentive for hackers to hunt for vulnerabilities in a lot of software and services. But what about those software projects that can’t pay bounties, because they are developed by volunteers? Thankfully, some researchers are devoting their time to such projects and to helping them…

March 30, 2016
VB2014 preview: keynote and closing panel

Vulnerability disclosure one of the hottest issues in security. In the proceedings of the 24th Virus Bulletin conference , the words ‘vulnerabilty’ and ‘vulnerabilities’ occur more than 200 times. I think there is no better way to demonstrate how important a topic this is. Some approach vulnerabilities from a purely defensive point of view: how…

September 16, 2014