As I have discussed before, PayPal has published a vulnerability disclosure policy that attempts to remove chilling effects for researchers wishing to responsibly disclose a security vulnerability. Until today I thought that PayPal and Microsoft were alone in having policies that explicitly gave security waivers to security researchers who practiced responsible disclosure.
I was informed of one and discovered another example of a similar policy, and I'm proud to say there are now several more policies like PayPal's:
If anyone knows of others, please let me know, as I'm going to try to keep a running list.
Monday, December 28, 2009
Friday, December 18, 2009
Best Security Improvements in 2009?
Taking a cue from Jeremiah's list of new 2009 hacking techniques I thought I'd start a list of best improvements in security in 2009.
So far I haven't come up with many substantial improvements, but I do have a starter list, in no particular order.
[Updated list based on Jeremiah's recommendations]
- IE8 removed CSS expressions support
- Rails now does output escaping by default?
- The new Strict-Transport-Security (STS) header.
- Firefox checks for updates to plugins
- Mozilla Content Security Policy (CSP)
- Microsoft IE8 X-Frame-Options anti-framing header
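Three of the items above (STS, X-Frame-Options, CSP) are response headers a site has to opt into, so the useful check is whether a given response actually carries them. The following is an added example, not code from this post: a small audit of a raw HTTP response head against those three headers, run over two constructed responses. The CSP header name is assumed to be either the standard Content-Security-Policy or Mozilla's early X-Content-Security-Policy.

```python
"""Audit an HTTP response for the opt-in browser defenses listed above:
Strict-Transport-Security, X-Frame-Options and Content-Security-Policy."""
import re

# Mozilla's 2009 prototype used the X- prefixed name; the standard name came later.
CSP_HEADERS = ("content-security-policy", "x-content-security-policy")


def parse_headers(raw_response):
    """Split a raw HTTP response into a dict of lower-cased header names.
    Only the head (status line + headers) is read; any body is ignored."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def audit(headers):
    """Return a list of findings; an empty list means all three defenses are set."""
    findings = []
    sts = headers.get("strict-transport-security")
    if sts is None:
        findings.append("no Strict-Transport-Security header")
    else:
        m = re.search(r"max-age\s*=\s*(\d+)", sts, re.I)
        if not m:
            findings.append("STS without max-age")
        elif int(m.group(1)) == 0:
            findings.append("STS max-age=0 disables HSTS")
        if "includesubdomains" not in sts.lower():
            findings.append("STS does not cover subdomains")
    xfo = headers.get("x-frame-options")
    if xfo is None:
        findings.append("no X-Frame-Options header (clickjacking)")
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):   # the two values IE8 introduced
        findings.append("unrecognised X-Frame-Options value: " + xfo)
    if not any(h in headers for h in CSP_HEADERS):
        findings.append("no Content-Security-Policy header")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "X-Frame-Options: DENY\r\n"
            "Content-Security-Policy: default-src 'self'\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(parse_headers(resp)) or ["ok"])
```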
Your recommendations welcomed.