disclose.io

13 Jun

Builders and Breakers: Partnering for Secure Elections

In September 2023, the IT-ISAC Elections Industry SIG launched a first-of-its-kind pilot program in which election technology providers gave security researchers access to modern voting technology under the principles of Coordinated Vulnerability Disclosure.
5 min read
17 Sep
DEF CON 31 Policy - All Your Vulns Are Belong to Terms and Conditions

DEF CON 31 Policy - All Your Vulns Are Belong to Terms and Conditions - DEF CON panel featuring David Rogers, Katie Trimble-Noble, Harley Geiger, and myself. Recorded on September 15, 2023 at DEF CON 31 in Las Vegas, Nevada.
34 min read
21 Aug
#HSC2022 in Pics

A small selection of selfies and pics from #HSC2022. It was a good homecoming.
5 min read
04 Aug
9 Must-See Talks at #hackersummercamp 2022

Here's a list of the talks that I'm going to get myself along to at Blackhat and DEF CON this year, and why...
3 min read
22 May
My "office" setup - Part 2

This is a follow-up from https://cje.io/2021/03/28/my-office-setup, which is worth reading first if you haven't yet... Everything in Part 1 is still in play - Part 2 talks through some optimizations and a couple of additions.
4 min read
16 May
The iOS FaceTime vulnerability: What it means and what you can do to protect yourself

Yesterday news broke that a bug in FaceTime that allows callers to listen to the audio of the person they
3 min read
16 May
On disclosure, confidentiality, and norms…

A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet
3 min read
08 May
On Project Zero's 90+30 vulnerability disclosure policy changes

Google is acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo), and has taken its next step in refining how it strikes a balance between these forces.
4 min read
22 Feb
Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
3 min read
20 Feb
Modes of Public Vulnerability Disclosure

A proposed taxonomy... Discovery, Documentation, Distribution.
3 min read