
Multi-Party Vulnerability Coordination SIG Update
Enhance your understanding of the latest updates and discussions from the Vulnerability Coordination SIG. Explore revised guidelines, practices, and possibilities for multi-party vulnerability disclosure. Join this SIG and contribute to coordinated vulnerability disclosure efforts.
Presentation Transcript
Vulnerability Coordination SIG
FIRST SIG Updates 2020
Art Manion, Bruce Monroe
About
- Charter: Improve coordinated vulnerability disclosure (CVD)
- Multiple stakeholders, perspectives, motivations
- Started after the June 2015 FIRST Conference
- Currently operating in low-power mode, meeting quarterly
- New members welcome: https://www.first.org/global/sigs/vulnerability-coordination/
Update
- Revised "Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure" v1.1
  - Reordered guidelines before case studies
  - Minor, meaningful language improvements and a few small additions
  - Editorial improvements
- Vendor Contact Card handed off to PSIRT-SIG
- Brief discussion about phased disclosure or a partner program
- Supported CVD topics at OECD and UNIDIR
- Comments on the ISO JTC 1/SC 27 study period on multi-party disclosure
Discussion
- Despite low-power mode, watching for need or opportunity
- Phased disclosure: stronger guidance on whom to tell, when, and what?
- Web platforms for CVD
  - Scale: n(n-1), i.e. each of n humans using n-1 other platforms?
  - Standard API?
  - Collect and parse policies?