
Facebook launches ThreatExchange, a platform to share security threats - jjude
http://venturebeat.com/2015/02/11/facebook-launches-threatexchange-an-api-based-platform-that-lets-companies-share-security-threat-info/
======
_nullandnull_
There seems to be some confusion in the comments here. This platform isn't for
sharing or reporting vulnerabilities. It is for sharing data or indicators of
compromise related to attacks. This data could be URLs or IPs, etc. The
sharing of this type of data is already a common practice in vetted
communities. Here are some links with more information.

[http://threatexchange.fb.com/#slide=1](http://threatexchange.fb.com/#slide=1)

[https://www.facebook.com/notes/protect-the-
graph/understandi...](https://www.facebook.com/notes/protect-the-
graph/understanding-online-threats-with-threatdata/1438165199756960)

------
helfire
I was just thinking about a similar type of exchange/broker for individuals to
contact companies who may not be happy with responsible disclosure (ie, you're
using their service and it is your only option, but if you disclose something
they cut off your account).

There are so many stories on HN of people doing their version of 'responsible
disclosure', there's no hard/fast rules and can be intimidating if you don't
know how the other party will react.

------
chiph
What if I have a product with a vulnerability, but I'm not on their platform?
How is this better than the researcher emailing the firm directly with the
steps to repro?

------
eridal
> Ever since it became trendy to be security conscious, companies have come
> out of the woodwork peddling snake oil. These are the same companies that
> try to market things like “crowdsourced security” as a way to get security
> professionals for a bargain.

Taken form "The Need for Open Research in Software Security"

[https://news.ycombinator.com/item?id=9032956](https://news.ycombinator.com/item?id=9032956)

