From Coordinated Disclosure to Cooperative Vulnerability Research When Dealing with Critical Software Stacks

Explore a thought-provoking panel discussion on evolving vulnerability disclosure practices for critical software stacks. Delve into the potential benefits of early cooperation between security researchers and vendors, examining how this approach could enhance vulnerability detection and mitigation. Gain insights from industry experts as they discuss common misconceptions, cultural divides, and real-world examples like the Busybox vulnerability. Analyze the disconnect between developers' and security professionals' perspectives, and learn about innovative concepts such as blue bounties and vendor walls of fame. Discover strategies for normalizing vulnerability research, incentivizing vendor participation, and fostering a more collaborative approach to cybersecurity. Engage with audience questions and explore the future of coordinated disclosure in consumer technology.

Intro
Meet the Experts
The Disconnect
The Transition
Common Misconceptions
Cultural Divide
The Missing Links
Busybox Vulnerability
What can go wrong
My experience of bugs
Vendors response to disclosures
Developers perspective vs security perspective
We are still silent
Testing
Vulnerability Brokers
Normalize Vulnerability
Car Hacking
Incentives for Vendors
Vulnerability Research
Positivity
Customer perspective
Blue bounties
Working with vendors
Wall of fame for vendors
Whats the next step
Blue Bounty
Getting Vendors to Join
Github
Audience Questions
Coordinated Disclosure
Consumer Technology