The number of manufacturers in cyber safety industries who have coordinated vulnerability disclosure programs is quickly growing. We encourage more engagement between manufacturers and researchers, along the lines of our Position on Disclosure.

Automotive

Medical Devices

Public Infrastructure

Home

Third-Party Vulnerability Coordinators and other disclosure resources

  • CERT/CC – Part of the non-profit Software Engineering Institute (SEI).
  • US-CERT or ICS-CERT – The US government’s incident handling and vulnerability coordination organizations.
  • FDA – The US regulator for medical devices has asked researchers to reach out by email with questions or issues: AskMedCyberWorkshop@fda.hhs.gov
  • Bugcrowd, HackerOne, Synack – Companies that run disclosure programs for other organizations, and may help coordinate with organizations not on their platform.
  • Email common addresses, such as security@, psirt@, safety@, productsecurity@, etc.
  • See if anyone in your network has contacts at the company, without inadvertently disclosing the issues.

Resources for Companies

If you know of other public coordinated vulnerability disclosure policies or resources, we ask that you let us know at info -at- iamthecavalry.org