DEF CON endorsed by POTUS!
Great news, everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!
Iowa launches vulnerability disclosure program for election-related sites
The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs
NIST SP 800-53 Revision 5 is yet another step towards the legitimization of the Internet’s Immune System. Everyone who has worked on legitimizing the work of good-faith hackers for the past 30 years or more can feel encouraged by this release.
Group Letter re IoT Cybersecurity Improvement Act (H.R. 1668)
We the undersigned cybersecurity companies and professionals write to express strong support for the IoT Cybersecurity Improvement Act (H.R. 1668). We respectfully urge you and your colleagues to support expedited passage of the bill before the end of the 116th Congress.
Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01
Dear Director Krebs and CISA/DHS team,
Thank you for the opportunity to comment on this Binding Operational Directive...
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls
Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800-53)
Help! I've found a vulnerability. What now?
"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"
Disclose.io, VDP, Hackers, and voting
About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.
WTF is happening on tcp:0? 2020 edition
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
My moves for #rsac2020 & #bsidessf week
Deep breaths, because here we go again!!!
The full list of Bugcrowd events can be found here… We’ve got