Why do multiple independent researchers find the same bug at the same time?
Multiple teams identified Meltdown and Spectre at the same time. How did that happen? A twenty year old flaw suddenly becomes “interesting “?
Joseph Steinberg explores is in an article in Inc. and comes to some interesting conclusions. Useful as he’s been involved in such matters himself.
I’d add that such research leads to either partial revaluation or notification under NDA or similar. In turn this moves the final declarations from all teams into the same timeline, resulting eventually in simultaneous publication.
- Steinberg, J. (2018). Why Cybersecurity Researchers Are Suddenly Discovering the Same Vulnerabilities After So Many Years | Inc. [online] available at https://www.inc.com/joseph-steinberg/why-do-multiple-cybersecurity-researchers-suddenly-discover-same-vulnerabilities-after-so-many-years.html [Accessed 9 Jan. 2018]