LAS VEGAS: The increasing willingness of vendors to work with security researchers is making the process of reporting vulnerabilities easier, according to a panel of Black Hat presenters.
The researchers, all of whom were presenting their findings under the "Breaking things" track of the conference, said that many firms have grown more receptive to vulnerability reports and are more willing to work with researchers.
"Things have definitely gotten a lot faster; some companies even have deadlines to turn around a fix," said Chris Rohlf, a consultant with Leaf Security Research.
"I think vendors have gotten a lot better, and bounties are proof of that."
James Forshaw, a consultant with Context Information Security, discovered a high-profile .NET vulnerability which Microsoft patched earlier this year. He said that the true range and scope of the flaw was only realised when Microsoft conducted its own investigation into the issue.
"I did not realise how much of an issue it was until it had gone through a few months in Microsoft's vetting process. It turned out to be considerably more troublesome than they thought," he said.
"To a degree it pleased me in some ways to find something that is that troublesome in a product."
Not all vendors are as accommodating and willing to work with researchers. Fermin Serna, an information security engineer with Google, who uncovered a vulnerability in Internet Explorer, said that firms such as Microsoft, Facebook and Google tend to be more accommodating of vulnerability reports.
"Whenever they find a vulnerability they are super responsive," he said.
"The smaller vendors are not as good as the big ones."