Difference between revisions of "Hardware Hacking"

From csn
Jump to navigation Jump to search
Line 3: Line 3:
 
Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:  
 
Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:  
  
  "90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix".
+
  90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix
  
 
== Working Docs ==
 
== Working Docs ==

Revision as of 06:40, 6 December 2022

Responsible and Ethical Disclosure

Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a:

90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix

Working Docs

Links =

References