Google Debuts Quality Ratings for Security Bug Disclosures

Bugcrowd founder and chief technology officer (CTO) Casey Ellis applauds the effort by Google to define the elements of a high-quality vulnerability disclosure. “Nothing happens without effective communication. … The power of crowdsourcing brings with variability in how vulnerability submitters communicate, and the downstream effectiveness of the report at communicating the risk to those who need to fix it,” Ellis told Dark Reading in response to the new VRP rules. “Google stepping up to help educate the hacker community on ‘the things which make communication more effective’ is an enormous win for both the space and the community itself.”