Abstract

Vulnerability disclosure is a widely recognized practice in the software industry, but there is a lack of literature detailing the firsthand experiences of researchers who have gone through the process. This work aims to bridge that gap by sharing our personal experience of accidentally discovering a DNS vulnerability and navigating the vulnerability disclosure process for the first time. We document our mistakes and highlight the important lessons we learned, such as the fact that public disclosure can be effective but can also be more time-consuming and emotionally taxing than anticipated. Additionally, we discuss the ethical considerations and potential consequences that may arise during each step of the disclosure process. Lastly, drawing from our own experiences, we identify and discuss issues with the current disclosure process and propose recommendations for its improvement. Our ultimate aim is to provide …

Date

July 19, 2023

Authors

Giovane CM Moura, John Heidemann

Journal

ACM SIGCOMM Computer Communication Review

Volume

53

Issue

2

Pages

2-10

Publisher

ACM