Policy

Where security meets society: advocacy, legal reform, government work, safe harbor, disclose.io mission

NIST: Vulnerability Disclosure as a Requirement for Every Organization

What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity r

By Casey Ellis · 08 Mar 2021

Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22

Katie Moussouris, Founder & CEO of Luta Security, and Casey Ellis, Founder & CTO of Bugcrowd, join Joe and Mike to talk all things responsible disclosure – the good, the bad, and the ugly.

By Casey Ellis · 26 Feb 2021

Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.

By Casey Ellis · 22 Feb 2021

Modes of Public Vulnerability Disclosure

A proposed taxonomy... Discovery, Documentation, Distribution.

By Casey Ellis · 20 Feb 2021

DEF CON endorsed by POTUS!

Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!

By Casey Ellis · 14 Nov 2020

VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections

“All software is vulnerable,” Bugcrowd CTO Casey Ellis said. “It just depends on how long you’re taking to look to find those vulnerabilities. Humans write code, and humans make mistakes.”

By Casey Ellis · 23 Oct 2020

Iowa launches vulnerability disclosure program for election-related sites

The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.

By Casey Ellis · 01 Oct 2020

Group Letter re IoT Cybersecurity Improvement Act (H.R. 1668)

We the undersigned cybersecurity companies and professionals write to express strong support for the IoT Cybersecurity Improvement Act (H.R. 1668). We respectfully urge you and your colleagues to support expedited passage of the bill before the end of the 116th Congress.

By Casey Ellis · 29 Aug 2020

NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls

Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800–53) Guidelines Security and Privacy Contro

By Casey Ellis · 07 Aug 2020

Help! I've found a vulnerability. What now?

"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"

By Casey Ellis · 04 Aug 2020

Disclose.io, VDP, Hackers, and voting

About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.

By Casey Ellis · 04 Aug 2020