2020: A Good Year for Hackers

Disclose.io Recap for 2020

2020 Highlights

In spite of a lot going on around us, 2020 was a very good year for hackers, and there is much to celebrate as we charge up for 2021.

I wanted to post a quick, and by no means incomplete, recap of some of the amazing stuff disclose.io members and contributors saw happen in the interest of the health of the Internet’s Immune System:

  • The DHS/CISA BOD 20-01 mandate for vulnerability disclosure was finalized and actioned.

  • We responded to the Voatz amici briefing in the Van Buren case, which was subsequently cited in the case documents despite coming in after the Amici Briefing cut-off… Judging by the hearings, the SCOTUS judges read and paid attention to it too.

  • Election Systems manufacturers including ES&S, Dominion, and Hart all launched VDPs with safe harbor provisions based on the disclose.io core terms.

  • We signed on to a letter alongside EFF, the CDT, and others protesting the politicization of Election Security ahead of the termination of Chris Krebs.

  • @cyberlawclinic published “A Researcher’s Guide to Some [US] Legal Risks of Security Research” by @KendraSerra and others, with a shoutout to @disclose_io #diodb, and the need for clear VDP language from Vendors.

  • The IoT Cybersecurity Improvement Act of 2020 was signed into law, including requirements for VDP.

  • The NIST 800-53 R3 standard came out with a core recommendation for VDP and an excellent explanation of “why it’s not really an option if you think about it”.

  • Amazon Web Services (AWS) adopted the core terms with full safe harbor, representing a sizeable percentage of the Internet.

  • CISA released its GUIDE TO VULNERABILITY REPORTING FOR AMERICA’S ELECTION ADMINISTRATORS, referencing the disclose.io dioterms repository.

  • The States of Iowa and Ohio both launched VDPs, also with full authorization provisions.

  • We saw more organizations deploy the disclose.io seal as a signal to hackers, their customers, and their industry peers that they are taking proactive steps to listen to the Internet’s security feedback.

  • The diodb list broke 2,000 entries and is now pushing towards 3,000!

Get involved!

The simplest way to get engaged with The disclose.io Project is:

I hope each of you have an amazing and restful holiday season, however you’re planning to celebrate this year, and that there are opportunities to connect, reflect, and refresh ahead of what is shaping up to be an important and impactful 2021!