Found 2 bookmarks
Custom sorting
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
On patch Tuesday last week, Microsoft released an update for CVE-2024-38112, which they said was being exploited in the wild. We at the Trend Micro Zero Day Initiative (ZDI) agree with them because that’s what we told them back in May when we detected this exploit in the wild and reported it to Microsoft. However, you may notice that no one from Trend or ZDI was acknowledged by Microsoft. This case has become a microcosm of the problems with coordinated vulnerability disclosure (CVD) as vendors push for coordinated disclosure from researchers but rarely practice any coordination regarding the fix. This lack of transparency from vendors often leaves researchers who practice CVD with more questions than answers.
#zerodayinitiative#EN#2024#CVE-2024-38112#Microsoft#CVD#transparency#disclosure
·zerodayinitiative.com·
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
Let’s Encrypt is proud to introduce Sunlight, a new implementation of a Certificate Transparency log that we built from the ground up with modern Web PKI opportunities and constraints in mind. In partnership with Filippo Valsorda, who led the design and implementation, we incorporated feedback from the broader transparency logging community, including the Chrome and TrustFabric teams at Google, the Sigsum project, and other CT log and monitor operators. Their insights have been instrumental in shaping the project’s direction.
#letsencrypt#EN#2024#transparency#Sunlight#Certificate
·letsencrypt.org·
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt