Shellshock a Fail for Security Disclosure

At the annual SecTor Toronto security conference, one of the key highlights for the last several years has been the Fail Panel, which examines the areas where the security industry did not succeed and where lessons of the past have still not been learned.

This year was no exception. At the 2014 edition of the Fail Panel, the major topic of discussion was the big brand-name vulnerabilities like Heartbleed, Shellshock and POODLE and how they are properly — or in some cases improperly — disclosed.