What is Responsible Disclosure?
Responsible disclosure lets you benefit from the knowledge of security researchers by giving them transparent rules for submitting vulnerabilities to your team, written down in a responsible disclosure policy. Your team may follow development best practices and may never have faced a security breach, but if a security researcher does discover a vulnerability, there needs to be a clearly defined process that lets them report the issue to your team safely and privately.
Why do you need it?
Occasionally a security researcher will discover a flaw in your app. The researcher then has to decide how to report the vulnerability. An ethical hacker will report it privately to your team and allow a reasonable timeframe for a fix; if your team does not fix the issue within that time, the researcher may publish the details to warn the public. That scenario leads to negative press and a scramble to patch the vulnerability under pressure.
A responsible disclosure policy is the first step in protecting your company from an attack or from a vulnerability being released to the public before you have had a chance to fix it.
Where can we help you?
- Understanding and determining the scope of a bug bounty program
- Responsible Disclosure guidelines
- Responsible Disclosure rules and scope
- Rewards and budget for the program
- End to End setup and program management
- Vulnerability report triaging service