Policy Pulse - Issue #7 | Week of March 22, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Joining the Security Research Legal Defense Fund Board
Casey Ellis and Jen Ellis join the SRLDF board to strengthen legal defense for good-faith security researchers. Here's what it means and how you can help.
Policy Pulse - Issue #6 | Week of March 15, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: White House Cyber Strategy, CVE program funding secured, UK Computer Misuse Act reform, EU CRA vulnerability guidance, and DHS shutdown delays CIRCIA.
Policy Pulse - Issue #5 | Week of March 1, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: RUSI explores cyber deputisation and letters of marque, UK launches Cyber Essentials push, curl kills its bug bounty over AI slop, and the MITRE CVE contract enters its final two weeks.
Policy Pulse - Issue #4 | Week of February 22, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: Australia mandates VDPs for all smart devices, MITRE CVE contract enters final countdown, and a researcher who found children's data exposed gets threatened with prosecution.
Policy Pulse - Issue #3 | Week of February 15, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research. This week: CISA BOD 26-02 targets unsupported edge devices, MITRE CVE contract hits 30-day countdown, and UK CMA statutory defence takes shape.
Modes of Public Vulnerability Disclosure: A 2026 Update
Understanding the taxonomy of vulnerability disclosure—from private to full to coordinated—and why the industry has converged on 90 days as the rational baseline. Updated for 2026 with the latest from disclose.io Policymaker.
Policy Pulse - Issue #2 | Week of February 8, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Policy Pulse - Issue #1 | Week of February 1, 2026
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Research on legal risk experiences — seeking interviewees
Academic research exploring the legal risks security researchers face when discovering and reporting vulnerabilities. If you've experienced legal threats or prosecution related to security research, your story could help shape better protections.
The disclose.io Community Forum is Back—Here’s How to Dive In
The disclose.io community forum has been relaunched with new features for security researchers and organizations. Learn how to join the conversation, connect with fellow researchers, and contribute to safer vulnerability disclosure practices.
Bill Proposal: Unpacking the Cyber Conspiracy Modernization Act
The Cybercrime Conspiracy Modernization Act (CCMA), introduced by Senators Mike Rounds (R-SD)