The Vendor / Researcher Relationship Needs Improvement, presented at Romhack 2022

by James Forshaw

Summary: In an ideal world the security of a vendor’s products would only rely on their own efforts and no external help is necessary. However, that’s not the world we live in today. External security researchers are still an integral part of making a product secure for the masses. Even so, the approach a vendor takes to an external researcher can vary wildly, from outright hostility to full acceptance of the valuable role they play in product security.

Regardless of their approach, most vendors could do something to improve. For this presentation I’ll describe some products I have reviewed where a better relationship between the vendor and researcher could have made all the difference to their security. I’ll describe some improvements that can be made so that vendors and researchers can work together to make their products consistently meet, or even exceed, expectations.