Policy Pulse - Issue #10 | Week of April 14, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
policy
Policy Pulse - Issue #9 | Week of April 6, 2026
OWASP Agentic AI Top 10 redefines the disclosure landscape. Plus: OpenAI launches safety bug bounty, Langflow exploited in 20 hours, and GSA drops the first federal AI acquisition clause.
Policy Pulse - Issue #8 | Week of March 29, 2026
CVE program funding secured but transparency questions remain. Plus: lookup.disclose.io launches in beta, EU CRA countdown hits 6 months, and Rapid7 reports exploited vulns surged 105%.
Policy Pulse - Issue #7 | Week of March 22, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Policy Pulse - Issue #6 | Week of March 15, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: White House Cyber Strategy, CVE program funding secured, UK Computer Misuse Act reform, EU CRA vulnerability guidance, and DHS shutdown delays CIRCIA.
Policy Pulse - Issue #5 | Week of March 1, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: RUSI explores cyber deputisation and letters of marque, UK launches Cyber Essentials push, curl kills its bug bounty over AI slop, and the MITRE CVE contract enters its final two weeks.
Policy Pulse - Issue #4 | Week of February 22, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: Australia mandates VDPs for all smart devices, MITRE CVE contract enters final countdown, and a researcher who found children's data exposed gets threatened with prosecution.
Policy Pulse - Issue #3 | Week of February 15, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: CISA BOD 26-02 targets unsupported edge devices, MITRE CVE contract hits 30-day countdown, and UK CMA statutory defence takes shape.
Modes of Public Vulnerability Disclosure: A 2026 Update
Understanding the taxonomy of vulnerability disclosure—from private to full to coordinated—and why the industry has converged on 90 days as the rational baseline. Updated for 2026 with the latest from disclose.io Policymaker.
Policy Pulse - Issue #2 | Week of February 8, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Policy Pulse - Issue #1 | Week of February 1, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Bill Proposal: Unpacking the Cyber Conspiracy Modernization Act
The Cybercrime Conspiracy Modernization Act (CCMA), introduced by Senators Mike Rounds (R-