Prisoner Priorities: Why Disclosure Policies Can’t Please Everyone | Security Insights Podcast, Episode 30

Last updated: December 15, 2022

Daniel, Chris, Amanda and Ashley revisit the coordinated disclosure conversation from Episode 25 and apply the prisoner’s dilemma thought experiment to create a (more?) perfect vendor disclosure policy.

In this episode:

The difference between coordinated disclosure and responsible disclosure [00:37]
Prisoner’s dilemma: how to incentivize desired disclosure behavior [06:17]
Security researchers and pen testers versus vendors (versus customers?!) [10:03]
Trying to please everyone with a single disclosure policy [12:23]
The mythically perfect disclosure policy… and how close we can land [19:33]
Feedback and communication goals for real-world vendor disclosure policies [24:09]

Additional resources:

Listen to the original coordinated disclosure discussion (Episode 25: Microsoft’s Coordinated Disclosure Discussion from BlackHat & DefCon ’22)
More about Daniel Spicer, Chief Security Officer (LinkedIn)
More about Amanda Wittern, Deputy Chief Security Officer (LinkedIn)
Meet your hosts, Chris Goettl and Ashley Stryker
Join the conversation!
- Ivanti Twitter
- Ivanti LinkedIn

Blog

Prisoner Priorities: Why Disclosure Policies Can’t Please Everyone | Security Insights Podcast, Episode 30

Related Posts

Blog

Prisoner Priorities: Why Disclosure Policies Can’t Please Everyone | Security Insights Podcast, Episode 30

Related Posts

Women in Cybersecurity: Personal Experiences and Progress | Security Insights Podcast, Episode 29

April 2024 Patch Tuesday

Cloud Security: Indiana Bob’s Server Closet Versus Data Centers | Security Insights Podcast, Episode 28