{"id":1509,"date":"2018-05-25T17:28:00","date_gmt":"2018-05-25T17:28:00","guid":{"rendered":"http:\/\/e3313e47-223c-4e76-a507-3f1b70fa887e"},"modified":"2018-05-25T17:28:00","modified_gmt":"2018-05-25T17:28:00","slug":"your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/","title":{"rendered":"Your logo and branded vulnerability aren&#8217;t helping: How to disclose better"},"content":{"rendered":"<p><em>Video: Dropbox says new vulnerability disclosure rules will protect researchers<\/em><\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"><span class=\"int\">More security news<\/span><\/h3>\n<\/div>\n<p>In 2000, I leapt out of journalism and in to security communications. I was relocating to the San Francisco Bay Area and, despite the downturn, tech was king. I also wanted to lend my unique albeit non-technical skill set to a technology that protected people or, at the very least, attempted to reduce harm caused by <a href=\"https:\/\/www.zdnet.com\/article\/google-chrome-beware-these-malicious-extensions-that-record-everything-you-do\/\" target=\"_blank\">malicious behavior<\/a>.<\/p>\n<p><strong>Read also: <a href=\"https:\/\/www.zdnet.com\/article\/trump-administration-releases-secret-rules-on-disclosing-security-flaws\/\">Trump administration releases rules on disclosing security flaws<\/a><\/strong><\/p>\n<p>Instead, in the close to 20 years since, I&#8217;ve seen marketers fail on many high-profile occasions to properly extol the merits of a capable research team, and choose to sensationalize risk and, as a result, fail to reduce harm. Too many compromises have been made in disclosing bugs with grandiose antics that show how smart a research team may be, but also diminish an organization&#8217;s credibility and leave users and systems more <a href=\"https:\/\/www.zdnet.com\/article\/here-is-every-patch-for-krack-wi-fi-attack-available-right-now\/\" target=\"_blank\">susceptible to attack<\/a>.<\/p>\n<p>During a keynote last month at <a href=\"https:\/\/www.youtube.com\/watch?v=AHvNj5VSBus\">Hack in the Box (HITB) Amsterdam<\/a>, I dug into the role of the marketer, or non-technical business leader, in reducing harm. It&#8217;s a topic I&#8217;ve long been passionate about, and have discussed at length in blogs, rants, and talks, but this time was different &#8212; I had a chance to deliver this talk to a technical and research audience.<\/p>\n<p>I broke it down into four basic questions and answers:<\/p>\n<ul>\n<li>What do manufacturers do? Try to make stuff that doesn&#8217;t harm\u2028<\/li>\n<li>What do security vendors do? Sell stuff intended to reduce harm\u2028<\/li>\n<li>What do researchers\/engineers\/practitioners do? Reduce harm\u2028<\/li>\n<li>What do marketers often do? Create risk or sensationalize in order to sell<\/li>\n<\/ul>\n<p>Of course, there are caveats to all of the above. <a href=\"https:\/\/www.zdnet.com\/article\/crapware-why-manufacturers-install-it-and-what-you-can-do-about-it\/\" target=\"_blank\">Manufacturers<\/a> inadvertently create the risk of harm; not all offerings sold by vendors do what they say they will; researchers, engineers, and practitioners are humans who make mistakes; and not all marketers create chaos.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p><strong>Read also: <a href=\"https:\/\/www.zdnet.com\/article\/the-dark-web-is-now-a-hotbed-of-zero-day-vulnerabilities\/\">The Dark Web is the place to go to find bugs before public disclosure<\/a><\/strong><\/p>\n<p>But those who do have on occasion created additional harm, or at a minimum lent to confusion, fear, uncertainty, and doubt that distracts or disrupts a security practitioner&#8217;s ability to do her or his job. I used <a href=\"http:\/\/www.eweek.com\/security\/heartbleed-ssl-flaw-angst-aggravated-by-broken-disclosure-process\">Heartbleed and its marketing circus<\/a> and the <a href=\"https:\/\/ctrlfail.com\/2018\/03\/21\/amd-vs-cts-labs-is-not-your-usual-david-vs-goliath-story\/\">CTS vs. AMD disclosure disaster<\/a> as two examples of very wrong disclosure processes. But I didn&#8217;t have to go back that far, because <a href=\"https:\/\/www.riskbasedsecurity.com\/2018\/05\/efail-what-a-disclosure-fail-that-was\/\">the recent eFail<\/a> flaws were a prime example of everything that could go wrong in a poorly executed disclosure, starting with broken embargoes, rampant FUD disseminated through media coverage before the official and much less alarming technical report came out.<\/p>\n<p>Some coordinated disclosure fails are, quite simply, mistakes. Others are caused by willful ignorance. Sadly, many are also created by a lack of ethics and accountability for marketers, and non-technical business leaders, who are decision makers in how vulnerabilities are disclosed.<\/p>\n<p>We need to change this. We are going to change this and, by we, I mean myself and other marketers and non-technical business folks, working alongside <a href=\"https:\/\/www.zdnet.com\/article\/hackers-target-security-researchers-with-malware-laden-document\/\" target=\"_blank\">security researchers<\/a>, engineers, and practitioners. We are going to change the way business and marketing leaders interact with researchers and analysts, and raise the bar for ethics. We are going to empower researchers and analysts to advocate business and marketing leaders for better practices.<\/p>\n<p><strong>Read also: <a href=\"https:\/\/www.zdnet.com\/article\/notifiable-data-breaches-scheme-getting-ready-to-disclose-a-data-breach-in-australia\/\">Notifiable Data Breaches scheme: Getting ready to disclose a breach in Australia<\/a><\/strong><\/p>\n<p>We can do this by allowing ethics to be our guide; to let the pursuit of reduction in harm to be at the forefront of every decision. If you work in the security industry, or if you work in a role in any organization that purports to protect, you are just as responsible as practitioners to do your part to protect users and systems from malicious intent. We can still market, we can still sell, but we can mature our organizations to consider not only the benefit to business, but the impact of our actions on the very people we are trying to shield (and, let&#8217;s be honest, also sell things, too).<\/p>\n<p>During my HITB talk, I created a potentially over-simplified decision tree that could serve as a guide for marketers, or non-technical business folks, to determine what action to take with a disclosure. The reasons to stop must be considered before any decision is made:<\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2018\/05\/25\/19f62eb6-b404-49cb-9988-2fdd829ab3a4\/resize\/770xauto\/f474073fa2a09a49eb20500169e13659\/coordinated-disclosure-decision-tree.png\" class=\"\" alt=\"coordinated-disclosure-decision-tree.png\" height=\"auto\" width=\"770\"\/><\/span><\/p>\n<p>You might ask how any <a href=\"https:\/\/www.zdnet.com\/article\/big-data-success-in-marketing-technology-requires-a-personal-touch\/\" target=\"_blank\">marketer<\/a> can do this, or should do this, and how can she or he do it quickly? One thing they can do is create a good relationship with the technical leadership in her or his organizations. Another idea is to create an ethics review or standards board (or process, if you&#8217;re a smaller organization) to ensure adherence to coordinated disclosure. At my current company, while we don&#8217;t (yet) have a formal review board, my team has worked closely with our intelligence team to reduce harm through our marketing, as well as educate the marketing team on how to spot content where the benefits do not outweigh the risk of publicizing it. My team also:<\/p>\n<ul>\n<li>Double checks with multiple internal folks to ensure statements are true<\/li>\n<li>Does not use statements that include scare tactics<\/li>\n<li>Never compromises operational security (OPSEC)<\/li>\n<li>Protects all sources, as well as personas (where applicable)<\/li>\n<li>Triple checks to ensure Investigations are not negatively disrupted<\/li>\n<\/ul>\n<p>Again, the above works because we partner with our intelligence team and researchers. For the broader security community, we marketers see your tweets screaming about us and bad public relations and we know you are right when you call out a dumpster fire in motion. Imagine, however, how much better we all could be if you proactively engaged with your marketing teams or <a href=\"https:\/\/www.zdnet.com\/article\/tech-companies-to-disclose-foreign-software-probes-under-us-bill-report\/\" target=\"_blank\">PR agencies<\/a> and offer education on disclosure? Who knows the implications of security better than those who work hands-on to secure, harden, and protect? Your voice is strong, and we need it to impact change. Here are just a few ideas:<\/p>\n<ul>\n<li>Speak with your management about creating an ethics or standards board<\/li>\n<li>Express the end state you want is more truth and better security<\/li>\n<li>Share that you are willing to support on a committee to provide guidelines<\/li>\n<li>Company doesn&#8217;t have a coordinated disclosure policy? Build one<\/li>\n<li>Require credit for your work<\/li>\n<li>Call out marketers, but focus on sharing how to do better vs. focusing just on what sucks<\/li>\n<\/ul>\n<p>The industry&#8217;s best minds will be at <a href=\"https:\/\/www.zdnet.com\/article\/denied-entry-united-states-black-hat-blow-to-security-research\/\" target=\"_blank\">Black Hat US<\/a> in a few short months &#8212; yes, technical folks and marketers alike. Let&#8217;s talk about why logo disclosures aren&#8217;t the best path forward, and how things such as a standards board can guide the industry through the next internet-wide vulnerability disclosure without creating more risk. It has to be more than a panel discussion or a birds-of-a-feature session. It needs to be an interactive dialogue between technical and non-technical professionals, with next steps and outcomes. I will build it. Will you come? Tell me on <a href=\"http:\/\/www.twitter.com\/mediaphyter\">Twitter<\/a> (hashtag #reduceharm).<\/p>\n<h3>Previous and related coverage<\/h3>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/chilling-effect-lawsuits-threaten-security-research-need-it-most\/\"><strong>Lawsuits threaten infosec research &#8212; just when we need it most<\/strong><\/a><\/p>\n<p>Security researchers and reporters have something in common: both hold the powerful accountable. But doing so has painted a target on their backs &#8212; and looming threats of legal action and lawsuits have many concerned.<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/why-marketers-must-revere-security-research\/\"><strong>Dump the snake oil and show security researchers some respect<\/strong><\/a><\/p>\n<p>Hacker Summer Camp kicks off this weekend, and with many conferences, there&#8217;s a very noticeable &#8220;race to first&#8221; by marketing teams. In that race, marketers need to first revere the research and respect the researchers, especially heading into the next 10 days. Here&#8217;s why.<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/have-security-conferences-become-an-army-of-noise\/\"><strong>Have security conferences become an &#8216;army of noise&#8217;?<\/strong><\/a><\/p>\n<p>Of the hundreds of security conferences, the vast majority are interchangeable in terms of content. Some up-and-coming events are reducing the noise, providing better opportunities for learners, and booking fresh faces on the main stage.<\/p>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are going to change the way business and marketing leaders interact with researchers and analysts, and raise the bar for ethics. We are going to empower researchers and analysts to advocate business and marketing leaders for better practices.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1510,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-1509","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Your logo and branded vulnerability aren&#039;t helping: How to disclose better 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Your logo and branded vulnerability aren&#039;t helping: How to disclose better 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-25T17:28:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"433\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Your logo and branded vulnerability aren&#8217;t helping: How to disclose better\",\"datePublished\":\"2018-05-25T17:28:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\"},\"wordCount\":1327,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\",\"name\":\"Your logo and branded vulnerability aren't helping: How to disclose better 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png\",\"datePublished\":\"2018-05-25T17:28:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png\",\"width\":770,\"height\":433},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Your logo and branded vulnerability aren&#8217;t helping: How to disclose better\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Your logo and branded vulnerability aren't helping: How to disclose better 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/","og_locale":"en_US","og_type":"article","og_title":"Your logo and branded vulnerability aren't helping: How to disclose better 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-25T17:28:00+00:00","og_image":[{"width":770,"height":433,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Your logo and branded vulnerability aren&#8217;t helping: How to disclose better","datePublished":"2018-05-25T17:28:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/"},"wordCount":1327,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/","url":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/","name":"Your logo and branded vulnerability aren't helping: How to disclose better 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png","datePublished":"2018-05-25T17:28:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better.png","width":770,"height":433},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/your-logo-and-branded-vulnerability-arent-helping-how-to-disclose-better\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Your logo and branded vulnerability aren&#8217;t helping: How to disclose better"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1509"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1509\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1510"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}