"Legal Ramifications of Vulnerability Disclosure"
Episode Synopsis
Episode 20 of the CYBER5 podcast covers a discussion of the business and legal implications of vulnerability disclosure.
(01:23) Question 1: How would you advise clients/companies to react to security researchers with knowledge of a vulnerability when they contact the organization? Should companies treat this as incident response?
(03:39) Question 2: What kind of business and legal issues do those disclosures pose? How should companies weigh the risks?
(06:17) Question 3: How should security researchers think about approaching companies with vulnerability disclosures?
(10:40) Question 4: With regard to disclosure, what should organizations say and not say, and to whom? Can those disclosures be coordinated with the white hats who bring the CVEs over to them? What’s the best way to get ahead of the media’s desire to shine light on these issues as news items?
(14:09) Question 5: Are there any helpful case studies to delve into for our listeners, i.e., where in your practice have you seen this work out well for clients and not so well?