Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby

Explore the evolution and current state of coordinated vulnerability disclosure in this 52-minute RSA Conference talk. Delve into new research data highlighting the perspectives of both security researchers and organizations on vulnerability disclosure practices. Learn about clashes between researchers and companies, timeline issues, and changing sentiments in the field. Examine case studies of successful bug bounty programs, including those from Microsoft, Facebook, and the U.S. Department of Defense. Analyze survey results and gain insights into researchers' expectations, the impact of open source, and the phenomenon of "Bug Bounty Botox." Conclude with valuable recommendations for improving coordinated vulnerability disclosure processes. Prerequisite: Familiarity with vulnerability disclosure processes and policies.