{"id":44277,"date":"2021-12-03T15:00:00","date_gmt":"2021-12-03T15:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/an-insider-s-account-of-disclosing-vulnerabilities"},"modified":"2021-12-03T15:00:00","modified_gmt":"2021-12-03T15:00:00","slug":"an-insiders-account-of-disclosing-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/an-insiders-account-of-disclosing-vulnerabilities\/","title":{"rendered":"An Insider&#8217;s Account of Disclosing Vulnerabilities"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt93bb7a06def9f5b8\/61a92cb339b865681b0dbf37\/DigitalPadlock_pinkeyes_Adobe.jpeg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Vulnerability management seems vexing to organizations and tech vendors. Vulnerabilities can take months to fix. In my recent experience, it can take close to a year for a vendor to issue a patch in the first place. There is a sordid history of security researchers being threatened with lawsuits for discovering vulnerabilities, but for the most part the challenge is that vendors are noncommunicative and slow to act when vulnerabilities are discovered.<\/p>\n<p>During the past two years, I&#8217;ve been working on <a href=\"https:\/\/www.forescout.com\/research-labs\/project-memoria\/\" target=\"_blank\" rel=\"noopener\"><span>Project Memoria<\/span><\/a><span>, which discovered nearly 100 vulnerabilities in the TCP\/IP stack (technology for communicating with connected devices) across multiple systems and devices.<\/span><\/p>\n<p>In the process of responsible disclosure, we briefed government agencies, we communicated our findings globally, and we outlined recommendations for organizations to remediate their vulnerable systems and devices.
The research was hard work, but it was even more challenging to manage the disclosure process.<\/p>\n<p>Typically, vulnerability disclosure involves at least three stakeholders: the researchers that discover the vulnerability, the vendor affected, and potentially an agency like the Cybersecurity and Infrastructure Security Agency to help coordinate a response. However, supply chain vulnerabilities become even more complex as the number of stakeholders involved (the downstream vendors that have integrated vulnerable components into their own products) increases. It can become extremely challenging to assess which products are affected.<\/p>\n<p><strong>Zero Sense of Urgency<br \/><\/strong>Organizations understand that time is of the essence when it comes to contracts and will optimize networks and software to shave fractions of a second off their customers&#8217; experience, but when it comes to acknowledging vulnerabilities and working to remediate them, it&#8217;s anything but that.<\/p>\n<p>It was just over a year ago that my team and I wrapped up a weeklong endeavor reaching out to as many as 200 potentially affected technology vendors based on the vulnerabilities we discovered. As a best practice, vendors should proactively issue an advisory as soon as possible, but it took Schneider Electric 11 months to issue an <a href=\"https:\/\/download.schneider-electric.com\/files?p_Doc_Ref=SEVD-2021-285-06\" target=\"_blank\" rel=\"noopener\"><span>advisory<\/span><\/a><span>.<\/span><\/p>\n<p>When you consider the totality of the vendors we engaged versus how many actually responded, it is mind-boggling. Our team and collaborators reached out to 422 vendors and 341 have taken no action \u2014&nbsp;that&#8217;s 80%.<\/p>\n<p><strong>The Risk of Silent Patching<br \/><\/strong>When it comes to patching, silence is not golden.
Unfortunately, many vendors silently issue patches to fix a vulnerability without ever publishing public documentation or assigning it a CVE ID. It has always been a problem, but it&#8217;s becoming bigger by the day.<\/p>\n<p>We encountered an example of silent patching earlier in the spring. The specific vulnerability, CVE-2016-20009, was originally discovered by Exodus Intelligence in 2016 but was never assigned a CVE ID. We independently replicated the discovery of this vulnerability in 2020 and spent months working with CERT\/CC to convince Wind River (the owners of Ipnet\/VxWorks) to assign an ID to the vulnerability.<\/p>\n<p><span>If another security research team could discover this vulnerability independently of Exodus Intelligence, then so could a malicious actor. When vendors silently patch vulnerabilities, they can leave their customers and partners vulnerable to attack because they don&#8217;t know they might be affected. It also leaves us security researchers duplicating work that has already been done.<\/span><\/p>\n<p><strong>Vendor Effort Is the Exception<br \/><\/strong>Security researchers are well acquainted with Newton&#8217;s First Law: inertia. It can take months for a vendor to act, if ever.<\/p>\n<p>In my and my colleagues&#8217; experiences, it usually took at least a week of scouting corporate websites and LinkedIn profiles to gather email addresses that were often nothing more than <span><a href=\"https:\/\/www.darkreading.com\/cdn-cgi\/l\/email-protection\" class=\"__cf_email__\" data-cfemail=\"5e373038311e262724703d3133\">[email&nbsp;protected]<\/a><\/span><span>. Some vendors would reach out for more information, but most vendors never reply, or they remain silent for months before acknowledging that they are affected.<\/span><\/p>\n<p>Ironically, some of these companies claim to be experts in physical security because they sell surveillance systems and access badges. However, it seems they lack the fundamentals of cybersecurity. 
When virtually every device has an IP address, including security cameras, this should be concerning.<\/p>\n<p><strong>Transparency and Collaboration Are Key<br \/><\/strong>Even when vendors do communicate vulnerabilities, some of them hide their advisories behind registration, while others make them publicly available. Some are specific and prescriptive about the vulnerability, while others remain vague. This variability in response makes it difficult for the asset owners, who ultimately must manage the risk of having vulnerable devices on their networks.<\/p>\n<p>As organizations increasingly adopt Internet of Things devices, they want to be confident that vulnerabilities are not putting them at risk. When it comes to security, there are no guarantees, but the manufacturers of vulnerable devices need to be more responsible for doing everything they can to harden that device&#8217;s security. Their customers can and should hold them accountable.<\/p>\n<p>While too many vendors stay silent or do too little, we should highlight those vendors that do respond and act quickly. These vendors have a well-established product security team that has a dedicated presence on its company website. They have readily apparent and secure communication channels, such as email and PKI. And they have established internal processes that dictate how to respond when a vulnerability is disclosed. These are the best practices that vendors should be looking to emulate.<\/p>\n<p>Organizations with less mature security processes may feel anxious or afraid when they are alerted to a security vulnerability, so they need to understand that working with security researchers enables them to collaborate on solutions to mitigate vulnerable devices that cannot be patched (such as critical infrastructure). It takes time and patience to improve the security of connected devices, but it also takes a village.
Manufacturers without the internal security resources to complete the due diligence of vulnerability assessment should lean into the broader cybersecurity community to collaborate with their peers and to share intelligence.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-44277","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"]}