Instead of oversimplifying a highly complex and diverse ecosystem with ‘One Policy to Rule Them All,’ I’ve outlined, in an article on Dark Reading, five actionable recommendations vendors and researchers can follow to begin building trust. For additional context and examples, my 20-minute presentation at Kaspersky Security Analyst Summit 2016 is embedded below.
tl;dr - The security industry doesn't need a one-size-fits-all vulnerability disclosure policy. It needs a culture change. Getting everyone to the table is the first step.