18th April 2021, Kathmandu
A new GitHub repository has been created to document and track the times when vulnerability disclosure has gone sour.
The Research Threats project details historical legal battles between researchers and the target organizations whose software was found to have security flaws.
It was built on top of information collected in an already-established list by security researcher and “vulnerability historian” Jericho, whose records date back to 2006.
Speaking to The Daily Swig, researcher Sick Codes, who alongside Jericho and Casey John Ellis maintains the repo, said the move to GitHub was made to give both researchers and organizations the chance to add and change records, something that “wouldn’t have occurred” on the original website.
Research Threats is a ‘collection of over-reactions, demands, and cease and desist letters’.
Research Threats offers a timeline of notable vulnerability disclosure incidents from 2006 up to the present day, including descriptions of the legal threat and how it was resolved, if at all.
It also has a ‘goodies’ folder, in which researchers can upload copies of correspondence they have received from companies or lawyers acting on their behalf.
Anyone can make pull requests to change the information in this growing database, creating a level playing field for all parties involved.
Making the timeline open source also improves its accuracy, reducing the risk of misreporting cases, according to Sick Codes.