Repairing The internet With Responsible Disclosures presented at deepsec 2017

by Victor Gevers,

Summary : In 2016 a non-profit organization, GDI.foundation, operated by volunteers, started reporting vulnerabilities as responsible disclosures (coordinated vulnerability disclosures) and helping victims of ransom attacks worldwide under the name PROJECT366.
As chairman & co-founder of that organization I would like to share the experiences and challenges they have faced so far. In the last 19 years I, Victor Gevers (@0xDUDE) have made over 5,250 security reports without getting in trouble with the law. In this talk, you’ll be taken through the experiences of the last 19 years in “how you could report ‘bad news’ and show our attempts to report as many vulnerabilities as humanly possible and how to deal with those on the other side, the organizations who receive these reports and the challenges each side faces.