Web: http://arxiv.org/abs/2209.10717

Sept. 23, 2022, 1:24 a.m. | Nicholas Boucher, Ross Anderson

cs.CR updates on arXiv.org arxiv.org

While vulnerability research often focuses on technical findings and
post-public release industrial response, we provide an analysis of the rest of
the story: the coordinated disclosure process from discovery through public
release. The industry-wide 'Trojan Source' vulnerability which affected most
compilers, interpreters, code editors, and code repositories provided an
interesting natural experiment, enabling us to compare responses by firms
versus nonprofits and by firms that managed their own response versus firms
that outsourced it. We document the interaction with bug …

disclosure industry trojan

More from arxiv.org / cs.CR updates on arXiv.org

Artificial Intelligence and Cybersecurity Researcher

@ NavInfo Europe BV | Eindhoven, Netherlands

Senior Security Engineer (E5) - Infrastructure Security

@ Netflix | Remote, United States

Sr. Security Engineer (Infrastructure)

@ SpaceX | Hawthorne, CA or Redmond, WA or Washington, DC

Senior Global Security Compliance Analyst

@ Snowflake Inc. | Warsaw, Poland

Staff Security Engineer, Threat Hunt & Research (L4)

@ Twilio | Remote - Ireland

Junior Cybersecurity Engineer

@ KUDO | Buenos Aires

iOS Engineer (hybrid / flexibility / cybersecurity)

@ Qustodio | Barcelona, Spain

Security Engineer

@ Binance.US | U.S. Remote

Senior Information Systems Security Officer (ISSO)

@ Sigma Defense | Fayetteville, North Carolina, United States

ATGPAC Battle Lab - Ballistic Missile Defense Commander/Operations Manager

@ Sigma Defense | San Diego, California, United States

Cyber Security - Head of Infrastructure m/f

@ DataDome | Paris

Backend Engineer, Govern: Threat Insights

@ GitLab | Remote