Tags vulnerability disclosure
Facebook rejects new allegation that it protected employees over users in 2018 breach
The plaintiffs say the company knew about the problem with "access tokens" for years and chose to protect its own employees before fixing the problem for users.
Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs
The industry has some very particular challenges to work out before establishing a coordinated vulnerability disclosure program. But the big companies are changing their thinking.
Feds plan to use SecureDrop as a vulnerability reporting portal
The plan is for DEF CON to host the servers for the vulnerability reporting, acting as a bridge between hackers and the government.
What Capital One's cybersecurity team did (and did not) get right
It's not great that a lone engineer was able to pull data from 106 million people. But this was far from Equifax 2.0.
NSA to establish new Cybersecurity Directorate to boost defense
Anne Neuberger, who is leading the intelligence agency's task force on Russian election interference, will become the NSA's first director for cybersecurity.
This firmware flaw was bad enough, but then researchers looked at the supply chain
Lenovo servers had a conspicuous security problem, but specialists at hardware-security company Eclypsium found that the story was much bigger.