Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070
Research

Reviewing 90 Day Responsible Disclosure Policies in 2022

Research Podcast

August 30 · 33 minutes

In the field of responsible disclosure, a policy of 90 days to publicly disclose vulnerabilities has been created by industry. This time period should allow the researcher to disclose the vulnerability to the recipient company, giving them time to push a fix out before the original flaw can be announced.

 

However are we in a time where this time period still works? Some vulnerabilities can be fixed fairly rapidly as we work in cloud environments, while others can be more challenging to fix - such as in OT. We talked to Tenable’s Ivan Belyna and Nick Miles about the evolution of the 90 day policy, and its present and future, and what use advanced disclosure is to security leaders and to the wider industry. 

Show References

 

Follow along for more from Tenable Research: