451 Research: Exploring Coordinated Disclosure
What Will You Learn?
Vulnerability disclosure has always been a hot topic among security practitioners, particularly the notion of coordinated disclosure – where a security researcher identifies a flaw and notifies a company, and then the two work together to fix and publicly disclose the flaw. Veracode recently commissioned this survey from 451 Research to learn more about how widely accepted this practice really is, and where the pain points reside.
- A brief history of vulnerability disclosure
- Today’s perceptions of disclosure
- The appropriate time frame for a company to correct a vulnerability once notified
- The attitudes toward a coordinated disclosure policy from both the organization and the external security researchers
- Thoughts and experiences with bug bounties, and so much more