Versions Compared

Old Version 5

changes.mady.by.user user-f8986

Saved on

compared with

New Version Current

changes.mady.by.user user-5e993

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • 92% of researchers participate in some form of CVD.
  • 70% of researchers expected regular communication from the vendor about their report. Frustrated expectations were often cited as the reason for abandoning the CVD process
  • 60% of researchers cited threat of legal action as a reason they might not work with a vendor to disclose
  • 15% of researchers expected a bounty in return for their disclosure

Panel
borderStylesolid

< 2.1. Reduce Harm | 2.3. Avoid Surprise >

References

  1. I Am The Cavalry, "5 Motivations of Security Researchers," [Online]. Available: https://www.iamthecavalry.org/motivations/. [Accessed 17 May 2017].
  2. National Telecommunications and Information Administration, "Multistakeholder Process: Cybersecurity Vulnerabilities," 15 December 2016. [Online]. Available: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-cybersecurity-vulnerabilities. [Accessed 17 May 2017].
  3. NTIA Awareness and Adoption Working Group, "Vulnerability Disclosure Attitudes and Actions: A Research Report from the NTIA Awareness and Adoption Group," 15 December 2016. [Online]. Available: https://www.ntia.doc.gov/files/ntia/publications/2016_ntia_a_a_vulnerability_disclosure_insights_report.pdf. [Accessed 6 June 2017].