LAS VEGAS: The increasing willingness of vendors to work with security researchers is making the process of reporting vulnerabilities easier, according to a panel of Black Hat presenters.
The researchers, all of whom were presenting their findings under the "Breaking things" track of the conference, said that many firms have grown more receptive to vulnerability reports and are more willing to work with researchers.
"Things have definitely gotten a lot faster, some comps even have deadlines to turn around a fix," said Chris Rohlf, a consultant with Leaf Security Research.
"I think vendors have gotten a lot better, and bounties are proof of that."
James Forshaw, a consultant with Context Information Security, discovered a high-profile .NET vulnerability which Microsoft patched earlier this year. He said that the true range and scope of the flaw was only realised when Microsoft conducted its own investigation into the issue.
"I did not realise how much of an issue it was until it had gone through a few months in Microsoft's vetting process, it turned out to be considerably more troublesome than they thought," he said.
"To a degree it pleased me in some ways to find something that is that troublesome in a product."
Not all vendors are as accommodating and willing to work with researchers. Fermin Serna, an information security engineer with Google, who uncovered a vulnerability in Internet Explorer, said that firms such as Microsoft, Facebook and Google tend to be more accommodating of vulnerability reports.
"Whenever they find a vulnerability they are super responsive," he said.
"The smaller vendors are not as good as the big ones."