Page History
...
Conference Schedules and Disclosure Timing
...
Conference
...
schedules
...
often
...
drive
...
researcher
...
timelines.
...
This
...
is
...
a
...
big
...
one.
...
There
...
is
...
a
...
rhythmic
...
cycle
...
to
...
the
...
vulnerability
...
disclosure
...
calendar.
...
Black
...
Hat
...
[1]
...
and
...
DEF
...
CON
...
[2]
...
happen
...
in
...
early
...
August
...
every
...
year.
...
Usenix
...
Security
...
[3]
...
is
...
usually
...
right
...
after
...
that.
...
The
...
RSA
...
Conference
...
[4]
...
is
...
in
...
the
...
late
...
winter
...
or
...
early
...
spring.
...
CanSecWest
...
[5]
...
is
...
in
...
the
...
spring.
...
Smaller
...
conferences
...
are
...
scattered
...
in
...
between.
...
Many
...
of
...
these
...
conferences
...
rely
...
on
...
presenters
...
describing
...
novel
...
attack
...
methods
...
in
...
varying
...
degrees
...
of
...
detail.
...
However,
...
in
...
order
...
for
...
researchers
...
to
...
analyze,
...
develop,
...
and
...
demonstrate
...
those
...
techniques,
...
vulnerabilities
...
are
...
often
...
uncovered
...
in
...
extant
...
products.
...
That
...
means
...
that
...
coordinating
...
the
...
disclosure
...
of
...
the
...
vulnerabilities
...
they've
...
found
...
is
...
a
...
common
...
part
...
of
...
the
...
conference
...
preparation
...
process
...
for
...
presenters.
...
The
...
CERT/CC
...
often
...
observes
...
an
...
increased
...
rate
...
of
...
vulnerability
...
reports
...
a
...
few
...
months
...
in
...
advance
...
of
...
these
...
conferences.
...
Vendors
...
would
...
do
...
well
...
to
...
be
...
aware
...
of
...
these
...
schedules
...
and
...
be
...
prepared
...
to
...
respond
...
quickly
...
and
...
appropriately
...
to
...
seemingly
...
inflexible
...
deadlines
...
for
...
disclosure.
Vendor Reputation and Willingness to Cooperate
...