ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu

July 15, 2024 at 11:10AM

Microsoft released a patch to fix a zero-day exploit, CVE-2024-38112, in its proprietary browser engine for Internet Explorer, without crediting Trend Micro’s Zero Day Initiative (ZDI), which had reported the vulnerability to Redmond in May. ZDI contends that the flaw is a critical remote code execution issue, while Microsoft deems …

An Argument for Coordinated Disclosure of New Exploits

May 30, 2024 at 10:06AM

In 2023, over 23,000 vulnerabilities were disclosed, leading to a race to release exploits. Coordinated disclosure involves alerting vendors and waiting to publicly release findings. Full disclosure argues for immediate transparency to prompt patches. Responsible disclosure is crucial due to the potential exploitation of vulnerabilities. Publicly releasing exploit research can …