Daniel, Chris, Amanda and Ashley revisit the coordinated disclosure conversation from Episode 25 and apply the prisoner’s dilemma thought experiment to create a (more?) perfect vendor disclosure policy.

In this episode:

  • The difference between coordinated disclosure and responsible disclosure [00:37]
  • Prisoner’s dilemma: how to incentivize desired disclosure behavior [06:17]
  • Security researchers and pen testers versus vendors (versus customers?!) [10:03]
  • Trying to please everyone with a single disclosure policy [12:23]
  • The mythically perfect disclosure policy… and how close we can land [19:33]
  • Feedback and communication goals for real-world vendor disclosure policies [24:09]

Additional resources: