disclose.io Establishing asset ownership in vulnerability reporting The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
disclose.io Van Buren v. United States - Oral Argument The Supreme Court heard oral argument in Van Buren v. United States, a case concerning a statute of the Computer Fraud and Abuse Act (CFAA) and violations of terms of service agreements.
election security Iowa launches vulnerability disclosure program for election-related sites The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.
disclose.io Information Asymmetry and the 1950s Nuclear Bounty Props to Matt Ploessel for calling out this one... I'd not heard of a bounty around nuclear weapons until today.
policy NIST SP 800-53 R5 adds Vulnerability Disclosure Programs NIST SP 800-53 Revision 5 is yet another step towards the legitimization of the Internet’s Immune System. Everyone who has worked on legitimizing the work of good-faith hackers for the past 30 years or more can feel encouraged by this release.
policy Disclose.io, VDP, Hackers, and voting About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.
