What we have published

Fill 4

ERNW White Paper 50

Vulnerability Disclosure Reflections CaseStudy

Vulnerability disclosure has been a topic of fierce debates in the recent years. That’s not in the least, usually a number of ethical questions are involved and proponents of different perspectives assign different weights and priorities to the values touched. In this paper we will discuss some of the questions involved, how they can be tackled and how we handle some of them in the past (and which developments make us consider it necessary to re-think our way of handling). The piece is organized as follows: first we provide a short overview of approaches to vulnerability disclosure and why we followed a specific one (“responsible disclosure”). We will then discuss potential problems with responsible disclosure which have arisen in the interim. To illustrate these (types of) issues we will discuss a specific case study we’ve been involved with. Furthermore, we will formulate a set of questions to stimulate further discussion of the topic. It should be noted that this paper is written from a highly personal perspective and it’s not meant to provide definitive answers, but to raise awareness of the inherent challenges of the process.