Prisoner Priorities: Why Disclosure Policies Can’t Please Everyone | Security Insights Podcast, Episode 30
Daniel, Chris, Amanda and Ashley revisit the coordinated disclosure conversation from Episode 25 and apply the prisoner’s dilemma thought experiment to create a (more?) perfect vendor disclosure policy.
In this episode:
- The difference between coordinated disclosure and responsible disclosure [00:37]
- Prisoner’s dilemma: how to incentivize desired disclosure behavior [06:17]
- Security researchers and pen testers versus vendors (versus customers?!) [10:03]
- Trying to please everyone with a single disclosure policy [12:23]
- The mythically perfect disclosure policy… and how close we can land [19:33]
- Feedback and communication goals for real-world vendor disclosure policies [24:09]
Additional resources:
- Listen to the original coordinated disclosure discussion (Episode 25: Microsoft’s Coordinated Disclosure Discussion from BlackHat & DefCon ’22)
- More about Daniel Spicer, Chief Security Officer (LinkedIn)
- More about Amanda Wittern, Deputy Chief Security Officer (LinkedIn)
- Meet your hosts, Chris Goettl and Ashley Stryker