
Do you need a vulnerability disclosure program? The feds say yes

August 7, 2018

The US Federal Trade Commission (FTC) and Department of Justice (DOJ) are signaling that organizations will be expected to operate some form of vulnerability disclosure program (VDP): a published way for good-faith security researchers to report bugs. Most organizations have nothing of the kind. A recent HackerOne study found that 94 percent of the Forbes Global 2000 offer researchers no channel at all for reporting security issues.

A VDP gives researchers a clearly published point of contact and a secure channel for reporting security issues, states what is in scope, and commits the organization to a process for acknowledging, triaging and remediating what comes in within a reasonable time. It need not pay rewards; a VDP is distinct from a bug bounty, which adds payment on top of the same disclosure process. Having a VDP has become an industry best practice, and regulators and law enforcement are paying attention.

Read More on CSO Online