Ridiculous vulnerability disclosure process with CrowdStrike Falcon [2022]


We found a security-related issue in the most recent CrowdStrike Falcon Sensor. The bug itself is not worth a blog post, as the severity is pretty low. However, we'd like to shed some light on the vulnerability submission and disclosure process with CrowdStrike: it was pretty weird.

After providing CrowdStrike with a draft of the security advisory and exploit source code we were informed that they could not replicate the issue with an updated version of the sensor. Mutual non-disclosure agreements and restrictions imposed by bug bounty programs limit the disclosure process. Many bug bounty reports never assign CVE-IDs, leading to a false perception of security and software quality.
