Can Vulnerability Disclosure Processes Be Responsible, Rational, and Effective?

"Can Vulnerability Disclosure Processes Be Responsible, Rational, and Effective?", by Larissa Shapiro, Internet Security Consortium

**Disclaimer: The views and opinions expressed in this video are those of the speaker(s) and do not necessarily reflect the views of the USENIX Association. **

ISC produces critical infrastructure software and services upon which the Internet and telecommunications industries depend. Through our Phased Vulnerability Disclosure process, we provide rational disclosure of vulnerabilities through a series of notifications, so industry can prepare without rushed actions, and critical infrastructure can be upgraded without "bad guys" knowing about the vulnerability. As an organization dedicated to open source software and open process, ISC is publishing the policies, processes, and tools involved. Please join us as we walk through a new model that vendors and operators can use to roll out security fixes without adding to operational risk.