Observations on Responsible Vulnerability Disclosure in Practice

The facade of the Finnish parliament reflected on the window of the Finnish Parliament Annex. Image © Lari Huttunen.

Researchers: The First Obstacle is Often the Steepest

Vendors: Vulnerability Disclosure Process 101

  • Guidelines: what is expected of a researcher, whether they are performing research or trying to report an issue they have discovered.
  • Scope: what is within the scope of acceptable vulnerability research, e.g. domains, products, services.
  • Test methods: what is out of scope, such as performing a DDoS attack or social engineering.

  1. Come up with a mitigation for the issue if possible.
  2. Fix the issue.
  3. Make the fix available to your users.
  4. Publish the issue.

  1. identify specific issues with your software
  2. the versions they affect
  3. what the impact is
  4. and most importantly, which version(s) contain the fixes.
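The four points above are exactly the fields an operator needs to act on an advisory. As an added example (not code from the original article or its author), the following Python puts them into a small machine-readable record and shows the check a defender runs against it: is my deployed version inside an affected range, and which release carries the fix. The product name, advisory id, version numbers and field names are all constructed for this illustration and do not follow any particular advisory standard.

```python
"""
Added example, not part of the original article: a minimal machine-readable
advisory carrying the four items a vendor should publish (issue, affected
versions, impact, fixed versions), plus the operator-side check that turns it
into a decision. All identifiers and version numbers are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    A plain string comparison would wrongly place '2.10.0' before '2.4.11'."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass(frozen=True)
class AffectedRange:
    introduced: Version  # first affected version (inclusive)
    fixed: Version       # first version containing the fix (exclusive upper bound)


@dataclass(frozen=True)
class Advisory:
    advisory_id: str     # placeholder identifier, not a real CVE
    product: str         # the specific software the issue is in
    summary: str         # what the issue is
    impact: str          # what it means for the people running the software
    ranges: List[AffectedRange]  # affected versions and, per range, the fixing release


def is_affected(installed: str, advisory: Advisory) -> bool:
    """True when the installed version falls inside any affected range."""
    v = parse_version(installed)
    return any(r.introduced <= v < r.fixed for r in advisory.ranges)


def recommended_upgrade(installed: str, advisory: Advisory) -> Optional[str]:
    """The fixed release on the installed version's own line, or None if not affected."""
    v = parse_version(installed)
    for r in advisory.ranges:
        if r.introduced <= v < r.fixed:
            return ".".join(str(n) for n in r.fixed)
    return None


# Constructed sample advisory: two supported release lines, each with its own fix.
SAMPLE_ADVISORY = Advisory(
    advisory_id="EXAMPLE-0001",
    product="examplecorp-gateway",
    summary="Admin API accepts configuration uploads without validating them (constructed)",
    impact="A user with admin-panel access can corrupt the running configuration",
    ranges=[
        AffectedRange(parse_version("2.0.0"), parse_version("2.4.11")),
        AffectedRange(parse_version("3.0.0"), parse_version("3.1.3")),
    ],
)


def triage(installed: str, advisory: Advisory = SAMPLE_ADVISORY) -> str:
    """One-line verdict an operator can paste into a ticket."""
    upgrade = recommended_upgrade(installed, advisory)
    if upgrade is None:
        return f"{advisory.product} {installed}: not affected by {advisory.advisory_id}"
    return (f"{advisory.product} {installed}: AFFECTED by {advisory.advisory_id} "
            f"({advisory.summary}); impact: {advisory.impact}; upgrade to {upgrade}")


if __name__ == "__main__":
    for v in ("1.9.5", "2.4.10", "2.4.11", "2.10.0", "3.1.0", "3.1.3"):
        print(triage(v))
```

The point of keeping the fixed version as an exclusive upper bound per release line is that operators on 2.x are told to move to 2.4.11, not to 3.1.3; an advisory that only names "the latest version" forces every reader to rediscover that mapping themselves.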

Case Study: Integrity Checking — an Integral Part of Cyber Security

Lari Huttunen

Lari Huttunen is a polyglot linguist with an avid interest in defensive cyber security. Read more at: https://public-exposure.inform.social/author/lari-huttunen