Over the next two years, vulnerability disclosure will evolve from a predominantly altruistic endeavor to one that actively damages organizations. Attackers will search for, and publicly disclose, ...

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical. The process of vulnerability disclosure has ...

The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its ...

Billington Global Automotive Cybersecurity Summit panel on coordinated vulnerability disclosure programs. Credit: CSPAN Back in July 2016 at the first-ever Billington Global Automotive Cybersecurity ...

Chairwoman Nancy Mace (R-SC) speaks before a House hearing at the US Capitol on June 22, 2023 in Washington, DC. The House Committee on Oversight and Accountbility Subcommittee on Cybersecurity, ...

The State of Maryland has launched a cybersecurity initiative aimed at improving resilience and coordination across all levels of government. The Office of Security Management has rolled out a ...

Much like the Department of Defense has increasingly looked to white-hat ethical hackers to seek out vulnerabilities in its systems over the past five years, the department also believes those ...

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws. Sometimes ...

A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported that exploitation activity was ...

Better communication and collaboration between researchers and vendors and improved bug reporting mechanisms could help address confusing and sometimes wholly suppressed bug reports. In its July Patch ...

We all know the importance of identifying and managing vulnerabilities in our systems, as well as patching them as soon as we can, taking into account the need to test critical system patches before ...

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from ...