Visible to the public ​You’ve Got a Vuln, I’ve Got a Vuln, Everybody’s Got a VulnConflict Detection Enabled


Ari Schwartz is Venable's Managing Director of Cybersecurity Services. He directs the firm’s cybersecurity consulting services, assisting organizations with understanding and developing risk management strategies, including implementation of the Cybersecurity Framework and other planning tools to help minimize risk. Previously, Mr. Schwartz served at the White House National Security Council, as Special Assistant to the President and Senior Director for Cybersecurity where he led legislative and policy outreach to businesses, trade groups and others. Before his work at the White House, Schwartz led the Department of Commerce’s Internet Policy Task Force, worked at the National Institute of Standards and Technology, and served for twelve years at the Center for Democracy and Technology.


You’ve Got a Vuln, I’ve Got a Vuln, Everybody’s Got a Vuln — For many years, researchers and IT vendors have often been at odds trying to determine how to coordinate disclosure of newly found vulnerabilities in a way that gives researchers credit but ensures that a patch is ready to deploy before the vulnerability is made public. As coordination has been standardized and leaks of vulnerabilities found by governments have increased, new pressure has mounted on governments when they find vulnerabilities to share those with the vendor. Recently, this has also been reversed where IT vendors are expected to give governments a heads up before a patch is deployed. This complicated area of cybersecurity policy affects privacy, public safety and national security. Ari Schwartz, a former Special Assistant to the President for Cybersecurity, will discuss the current state of vulnerability disclosure policy and how it could affect government, academic and private security research.


Creative Commons 2.5

Other available formats:

​You’ve Got a Vuln, I’ve Got a Vuln, Everybody’s Got a Vuln