Episode 283 – When vulnerability disclosure becomes dangerous

Josh and Kurt talk about a very difficult disclosure problem. What happens when you have to report a vulnerability to an ethically questionable company? It’s less simple than it sounds, many of the choices could end up harming victims. Show Notes Disclosure Dilemmas @evacide Bob Diachenko This Is How They Tell Me The World Ends

It’s time to fix CVE

The late, great, John Lewis is well known for a quote about getting into trouble. Never, ever be afraid to make some noise and get in good trouble, necessary trouble. It’s time to start some good trouble. Anyone who knows me, reads this blog, or follows me on Twitter, is well aware I have beenContinue reading “It’s time to fix CVE”

Episode 223 – Full disclosure won, deal with it

Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is however, if you look at the current state of things, this discussion is settled, full disclosure won. Show NotesContinue reading “Episode 223 – Full disclosure won, deal with it”