<— Back

With Great Research Comes Great Responsibility

For years, the cybersecurity community argued about how researchers should disclose newly discovered vulnerabilities in information technology products.  After considerable debate and not a little rancor, the industry settled on a set of principles for that process, known as responsible or coordinated vulnerability disclosure.  As the disclosure process has become regularized, another problem has become prominent: post-disclosure communications about disclosed vulnerabilities in a cybersecurity product.  As an industry, we need to talk about such vulnerabilities in order to disseminate protections and prompt appropriate action.  On the other hand, using disclosed vulnerabilities for marketing purposes is tempting but ultimately counterproductive.  Since we currently lack principles for such post-disclosure communications, uncertainty about acceptable behavior runs rampant.  This talk will propose that the cybersecurity industry develop a “responsible vulnerability communication” code of conduct, and it will outline what some of the components of such a code could be. 

Michael Daniel – Cyber Threat Alliance

Michael Daniel serves as the President & CEO of the Cyber Threat Alliance (CTA), a not-for-profit membership association that enables cyber threat information sharing among cybersecurity organizations.  Prior to CTA, Michael served as US Cybersecurity Coordinator from 2012 to 2017, leading US cybersecurity policy development both domestically and internationally, facilitating US government partnerships with the private sector, and coordinating significant incident response activities.  From 1995 to 2012, Michael worked for the Office of Management and Budget, overseeing funding for the U.S. Intelligence Community.  Michael also works with the private sector Ransomware Task Force, Aspen Cybersecurity Group, the World Economic Forum’s Global Future Council on Cybersecurity and the Partnership Against Cybercrime, and other organizations improving cybersecurity in the digital ecosystem.  In his spare time, he enjoys running and martial arts.