Oracle and "Responsible Disclosure"
2018-11-14 12:46

I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to withhold their work until software companies fix the vulnerabilities, and software vendors agree not to harass researchers and fix the vulnerabilities quickly. When that agreement breaks down, things go bad quickly. This...


News URL

https://www.schneier.com/blog/archives/2018/11/oracle_and_resp.html

Related vendor

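| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Oracle |          | 781        | 388 | 3148   | 2078 | 432      | 6046        |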