Microsoft Revives Vulnerability Disclosure Debate with Researcher Crackdown

Microsoft is stirring up controversy in the vulnerability disclosure debate, clashing with a security researcher over the responsible handling of zero-day vulnerabilities. The tech giant's strong response, including threats of legal action, has sparked heated discussion on coordinated disclosure.

https://osintsights.com/microsoft-revives-vulnerability-disclosure-debate-with-researcher-crackdown?utm_source=mastodon&utm_medium=social

#VulnerabilityDisclosure #CoordinatedDisclosure #ZeroDay #Microsoft #ResponsibleDisclosure

We have identified some security vulnerabilities (CVE-2025-1731) in Zyxel USG FLEX H Series firewall appliances that allow local users with access to a Linux OS shell to escalate privileges to root.

https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731

#Zyxel #VulnerabilityResearch #CoordinatedDisclosure
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731) - hn security

“So we wait, this is our […]

hn security
oss-security - MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

We Speak CVE Podcast episode 26 now available!
“CNA Onboarding Process Myths Versus Facts”
https://youtu.be/N22bsppsJSQ

#CVE #Vulnerability #VulnerabilityManagement #Cybersecurity #EOL #CoordinatedDisclosure #InformationSecurity
As they are not responding to emails, we are looking for security contacts at Atos/Unify for #coordinatedDisclosure #responsibledisclosure purposes. Please help us find someone; the 2-week initial response deadline is ticking fast... #vulnerability
#coordinateddisclosure is such a pain. Vendor with PGP key on website, we send encrypted advisory. They reply they can't decrypt and ask if we exchanged keys already… *sigh* disclosure timeline is running though
Controversy after the end of the organ donation register: When must vulnerabilities be made public?

The tragedy surrounding the Swisstransplant register has only losers. Switzerland needs a political discussion on databases containing sensitive information and on the reporting procedure for security vulnerabilities.

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

Mark Stanislav, a Vice President at Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the flaw in Log4j.

The Security Ledger with Paul F. Roberts
Facebook Debuts Third-Party Vulnerability Disclosure Policy - If the social-media behemoth finds a bug in another platform's code, the project has 90 days to re... https://threatpost.com/facebook-third-party-vulnerability-disclosure-policy/158976/ #vulnerabilitydisclosurepolicy #coordinateddisclosure #publicdisclosure #vulnerabilities #thirdpartycode #websecurity #opensource #bugbounty #facebook #90days #vdp

If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.

Threatpost - English - Global - threatpost.com
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy - Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes availab... more: https://threatpost.com/google-ditches-patch-disclosure-90-day-policy/151626/ #vulnerabilitydisclosure #coordinateddisclosure #vulnerabilities #policychanges #projectzero #bugbounty #90days #google

Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.
