A brief history of vulnerability disclosure and bug bounty
Explore the evolution of vulnerability disclosure from the early days of full disclosure debates through the emergence of bug bounty programs. A comprehensive three-part series by Dennis Fisher covering the history that shaped modern security research.
Dennis Fisher is, in my opinion, one of the “good infosec reporters”. He's been covering cybersecurity for 10 years or more, and in that time he has seen a lot of growth and evolution of the relationship between the hacker community and the people that build and protect software.

A few months ago I interviewed with Dennis to talk about what I have seen through the course of ideating and starting Bugcrowd, as well as the changes that we've seen in laws and company interactions with respect to the role of the white hat hacker in securing the Internet. Dennis interviewed a ton of the other “usual suspects” in the space like Katie Moussouris, Dino Dai Zovi, Charlie Miller, Alex RoRo Romero, Lisa Wiswell, and more - and the resulting series is a fantastic read!
Here it is:
- LAWYERS, BUGS, AND MONEY: WHEN BUG BOUNTIES WENT BOOM
- UPRISING IN THE VALLEY: WHEN BUG BOUNTIES WENT BOOM, PART TWO
- ‘DRIVE IT LIKE YOU STOLE IT’: WHEN BUG BOUNTIES WENT BOOM, PART THREE
The interesting thing about our space is it’s very loud, very topical, and easy to have an opinion on - I think this article does an excellent job of unfolding the story of the evolution of our space through the voices of those who were there.
Huge thanks to Dennis for telling our story!