Policy for sharing Censys Rapid Response queries
At Censys, our Rapid Response program is dedicated to providing valuable insights to the broader security community. We publicly share a significant portion of our output to help improve understanding and prioritization of threats. You can review the advisories, blogs, and live dashboards in the Rapid Response Archives.
Our goal is to level the playing field and empower defenders with data on emerging vulnerabilities. While we strive to provide meaningful, actionable data, we also prioritize responsible data sharing and carefully consider the potential impact of the information we release.
Considerations for providing queries
When deciding whether to share Censys Search queries for devices affected by Rapid Response issues, we take a deliberate and case-by-case approach. We consider a range of criteria about each issue to ensure responsible disclosure and maximize the positive impact on the community. These include, but are not limited to:
Type of Asset Affected
We take into account the type and importance of the affected asset. For instance, if the asset is highly critical, such as industrial control infrastructure, we are less likely to share the search query. Conversely, if the asset is less critical or handles less sensitive data, we are more inclined to share the query.
Device Count
We are less likely to share a query if our dataset shows a relatively small number of affected devices, around 100 or fewer, as each host becomes more exposed and potentially actionable in this scenario. Conversely, if the number of affected devices is very large, in the range of hundreds of thousands to millions, we are more likely to share the query.
Scale of Active Exploitation
If the issue is widely known and actively exploited, with potential involvement from known threat actors, we are less likely to share the search query.
Ransomware Cases
For ransomware incidents, we are more likely to share search queries for compromised hosts since they have already been breached. This helps researchers understand the extent of ongoing attacks and identify any patterns among the affected systems.
Modified Queries for Broader Discovery
In situations where we choose not to share queries that identify specific vulnerable versions, we may provide more abstract queries instead. For example, we may show readers how to broadly discover exposures of a particular affected device or software without directly specifying vulnerable versions.
Our goal is always to lower the bar for researchers and security practitioners to discover and address critical vulnerabilities, while carefully managing the details we disclose.