Vulnerability disclosure: the Code Red lessons
The Code Red sequence has clarified the disclosure-versus-deployment timing problem in ways that the more abstract debate has not. A walk through what the data teaches.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged disclosure — 3 results.
I have spent the past month reviewing a vulnerability for a vendor under a non-disclosure agreement. The exercise has clarified my thinking about when NDA-mediated disclosure is appropriate.
The disclosure conversation has been quietly maturing all year. CERT's coordinated disclosure model and Bugtraq's full disclosure model are converging in interesting ways. A walk through where things now stand.