Access a world-class intelligence capability tailored to your specific needs. Control a multi-million dollar program without the time or expense and solve problems both lasting and acute.

What is Managed Intelligence?


1 min read

Episode 20: Legal Ramifications of Vulnerability Disclosure

Aug 20, 2020 5:41:07 AM

Episode 20 of the podcast covers a discussion on business and legal implications around vulnerability disclosure with Aaron Charfoos, Partner at Paul Hastings

  • (01:23) Question 1: How would you advise clients/companies to react to security researchers with knowledge of a vulnerability when they contact the organization? Should companies treat this as incident response?
  • (03:39) Question 2: What kind of business and legal issues do those disclosures pose? How should companies weigh out the risks?
  • (06:17) Question 3: How should security researchers think about approaching companies with vulnerability disclosures?
  • (10:40) Question 4: With regard to disclosure, what should organizations say and not say and to whom? Can those disclosures be coordinated with the white hats who bring the CVEs over to them? What’s the best way to get ahead of the media’s desire to shine light on these issues as news items?
  • (14:09) Question 5: Are there any helpful case studies to delve into for our listeners - ie - where in your practice have you seen this work out well for clients and not so well?






Topics: podcast cyber5

Written by Nisos

Post a Comment