Tags vulnerability disclosure
DEF CON Voting Village report explores vulnerabilities in ballot-marking devices, calls for paper-based audits
The DEF Con Voting Village is calling for “more comprehensive studies” of equipment that is increasingly a part of the voter experience.
What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon
Voting equipment vendors have heard presentations from Bugcrowd, HackerOne, and Synack, according to ES&S's Chris Wlaschin.
Facebook rejects new allegation that it protected employees over users in 2018 breach
The plaintiffs say the company knew about the problem with "access tokens" for years and chose to protect its own employees before fixing the problem for users.
Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs
The industry has some very particular challenges to work out before establishing a coordinated vulnerability disclosure program. But the big companies are changing their thinking.
Feds plan to use SecureDrop as a vulnerability reporting portal
The plan is for DEF CON to host the servers for the vulnerability reporting, acting as a bridge between hackers and the government.
What Capital One's cybersecurity team did (and did not) get right
It's not great that a lone engineer was able to pull data from 106 million people. But this was far from Equifax 2.0.
